5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.08 Low
EPSS
Percentile
94.3%
Race condition in the FastCopy optimization in the Array.Copy method in
metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before
3.99.3 is used, allows remote attackers to trigger a buffer overflow and
modify internal data structures, and cause a denial of service (plugin
crash) or corrupt the internal state of the security manager, via a crafted
media file in which a thread makes a change after a type check but before a
copy action.
Author | Note |
---|---|
mdeslaur | upstream note: The bug (and fix) is in mono source code but can only be exploited (by untrusted applications) when used by Moonlight. Setting severity to negligible. |
jdstrand | fixed in 2.10.5-1 |