CVE-2011-0990

CWE-362Race Condition5 documents5 sources
Severity
5.8MEDIUM
EPSS
1.2%
top 21.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Novell Moonlight
Timeline
PublishedApr 13
Latest updateMay 17

Description

Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

NVDnovell/moonlight6 versions+5

Patches

Patch: openwall.comPatch: bugzilla.novell.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-c2pm-4p8q-67xh: Race condition in the FastCopy optimization in the Array2022-05-17
CVEList
CVE-2011-0990: Race condition in the FastCopy optimization in the Array2011-04-13

📋Vendor Advisories

1
Debian
CVE-2011-0990: mono - Race condition in the FastCopy optimization in the Array.Copy method in metadata...2011

💬Community

1
Bugzilla
CVE-2011-0989 CVE-2011-0990 CVE-2011-0991 CVE-2011-0992 mono: multiple vulnerabilities fixed in 2.4.1/3.99.32011-04-08
CVE-2011-0990 (MEDIUM CVSS 5.8) | Race condition in the FastCopy opti | cvebase.io