CVE-2011-0990 (GCVE-0-2011-0990)
Vulnerability from cvelistv5
Published
2011-04-13 21:00
Modified
2024-08-06 22:14
Severity ?
CWE
  • n/a
Summary
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
References
cve@mitre.org http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html
cve@mitre.org http://openwall.com/lists/oss-security/2011/04/06/14 Patch
cve@mitre.org http://secunia.com/advisories/44002 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/44076 Vendor Advisory
cve@mitre.org http://www.mono-project.com/Vulnerabilities
cve@mitre.org http://www.securityfocus.com/bid/47208
cve@mitre.org http://www.vupen.com/english/advisories/2011/0904 Vendor Advisory
cve@mitre.org https://bugzilla.novell.com/show_bug.cgi?id=667077 Patch
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/66625
cve@mitre.org https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c Patch
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html
af854a3a-2127-422b-91ae-364da2661108 http://openwall.com/lists/oss-security/2011/04/06/14 Patch
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/44002 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/44076 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.mono-project.com/Vulnerabilities
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/47208
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2011/0904 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.novell.com/show_bug.cgi?id=667077 Patch
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/66625
af854a3a-2127-422b-91ae-364da2661108 https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c Patch
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:26.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
          },
          {
            "name": "47208",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47208"
          },
          {
            "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
          },
          {
            "name": "44002",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44002"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mono-project.com/Vulnerabilities"
          },
          {
            "name": "44076",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44076"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
          },
          {
            "name": "momo-arraycopy-security-bypass(66625)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
          },
          {
            "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
          },
          {
            "name": "ADV-2011-0904",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
        },
        {
          "name": "47208",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47208"
        },
        {
          "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
        },
        {
          "name": "44002",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44002"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mono-project.com/Vulnerabilities"
        },
        {
          "name": "44076",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44076"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
        },
        {
          "name": "momo-arraycopy-security-bypass(66625)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
        },
        {
          "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
        },
        {
          "name": "ADV-2011-0904",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0904"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0990",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
            },
            {
              "name": "47208",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47208"
            },
            {
              "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
            },
            {
              "name": "44002",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44002"
            },
            {
              "name": "http://www.mono-project.com/Vulnerabilities",
              "refsource": "CONFIRM",
              "url": "http://www.mono-project.com/Vulnerabilities"
            },
            {
              "name": "44076",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44076"
            },
            {
              "name": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c",
              "refsource": "CONFIRM",
              "url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
            },
            {
              "name": "momo-arraycopy-security-bypass(66625)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
            },
            {
              "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
              "refsource": "MLIST",
              "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
            },
            {
              "name": "ADV-2011-0904",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0904"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-0990",
    "datePublished": "2011-04-13T21:00:00",
    "dateReserved": "2011-02-14T00:00:00",
    "dateUpdated": "2024-08-06T22:14:26.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-0990\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-04-13T21:55:00.783\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.\"},{\"lang\":\"es\",\"value\":\"Condici\u00f3n de carrera en la optimizaci\u00f3n de FastCopy en el m\u00e9todo Array.Copy en metadata/icall.c de Mono, cuando se utiliza Moonlight 2.x anterior a 2.4.1 o 3.x anterior a 3.99.3, permite a atacantes remotos provocar un desbordamiento del b\u00fafer y modificar las estructuras internas de datos, tambi\u00e9n permite provocar una denegaci\u00f3n de servicio (ca\u00edda del plugin) o corromper el estado interno del gestor de seguridad mediante un fichero media manipulado, en el que un hilo realiza un cambio despu\u00e9s de una comprobaci\u00f3n de escritura pero antes de una acci\u00f3n de copiado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E062208D-082B-4BFD-85CA-3848ECE6F8CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"711824C0-5BFC-4D3A-BAB2-84B8F20BDD7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:moonlight:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C74F2C01-7E26-474A-B8CA-EFCC5C91D83D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:moonlight:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"704EB745-3307-4903-8B3B-DCC6682EE228\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:moonlight:2.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB7A6358-630E-43FA-B2B8-C99A8808BB09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:moonlight:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AADDCD5B-D116-4BFC-BD2B-4EB6F4470359\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:moonlight:3.99:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21676825-737D-4071-A7F1-BFB6047215F1\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://openwall.com/lists/oss-security/2011/04/06/14\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/44002\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44076\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.mono-project.com/Vulnerabilities\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/47208\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0904\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.novell.com/show_bug.cgi?id=667077\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/66625\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://openwall.com/lists/oss-security/2011/04/06/14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/44002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.mono-project.com/Vulnerabilities\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/47208\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0904\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.novell.com/show_bug.cgi?id=667077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/66625\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.