CVE-2011-0989

2011-04-1321:55:00

Debian Security Bug Tracker

security-tracker.debian.org

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.04 Low

EPSS

Percentile

92.0%

JSON

The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.

OSVersionArchitecturePackageVersionFilename
Debian12allmono< 6.8.0.105+dfsg-3.3mono_6.8.0.105+dfsg-3.3_all.deb
Debian11allmono< 6.8.0.105+dfsg-3.3~deb11u1mono_6.8.0.105+dfsg-3.3~deb11u1_all.deb
Debian10allmono< 5.18.0.240+dfsg-3mono_5.18.0.240+dfsg-3_all.deb
Debian999allmono< 6.8.0.105+dfsg-3.6mono_6.8.0.105+dfsg-3.6_all.deb
Debian13allmono< 6.8.0.105+dfsg-3.6mono_6.8.0.105+dfsg-3.6_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	mono	< 6.8.0.105+dfsg-3.3	mono_6.8.0.105+dfsg-3.3_all.deb
Debian	11	all	mono	< 6.8.0.105+dfsg-3.3~deb11u1	mono_6.8.0.105+dfsg-3.3~deb11u1_all.deb
Debian	10	all	mono	< 5.18.0.240+dfsg-3	mono_5.18.0.240+dfsg-3_all.deb
Debian	999	all	mono	< 6.8.0.105+dfsg-3.6	mono_6.8.0.105+dfsg-3.6_all.deb
Debian	13	all	mono	< 6.8.0.105+dfsg-3.6	mono_6.8.0.105+dfsg-3.6_all.deb