ubuntu · CVE-2011-0990

Quick triage

Priority: negligible Published: 2011-04-13 21:55:00 UTC Updated: 2024-07-24 15:57:39 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2011-0990 negligible priority: Ubuntu including 1 source packages (mono), 11 status rows across 11 suites (dapper, hardy, karmic, lucid, maverick, natty, oneiric, precise, quantal, raring, upstream): ignored 6, not-affected 4, released 1.

Description:

Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.

cvelogic Threat Intelligence