CVE-2011-0990

Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:novell:moonlight:2.31:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:3.0:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:3.99:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:2.4:*:*:*:*:*:*:*
cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*

Information

Published : 2011-04-13 14:55

Updated : 2017-08-16 18:33


NVD link : CVE-2011-0990

Mitre link : CVE-2011-0990


JSON object : View

CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Advertisement

dedicated server usa

Products Affected

novell

  • moonlight

mono

  • mono