6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.029 Low
EPSS
Percentile
90.7%
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or
3.x before 3.99.3 is used, allows remote attackers to cause a denial of
service or possibly have unspecified other impact via vectors related to
finalizing and then resurrecting a DynamicMethod instance.
Author | Note |
---|---|
mdeslaur | upstream note: The bug (and fix) is in mono source code but can only be exploited (by untrusted applications) when used by Moonlight. Setting severity to negligible. |