Vulnerability Details : CVE-2010-4254
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
Vulnerability category: Input validation, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2010-4254
Probability of exploitation activity in the next 30 days: 34.70%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 %
CVSS scores for CVE-2010-4254
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2010-4254
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4254
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:024
- https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399
  Handle invalid instantiation of generic methods. · mono/mono@4905ef1 · GitHub (Patch)
- https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358
  Handle invalid instantiation of generic methods. · mono/mono@65292a6 · GitHub (Patch)
- https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac
  Handle invalid instantiation of generic methods. · mono/mono@cf1ec14 · GitHub (Patch)
- http://www.securityfocus.com/bid/45051
  Mono/Moonlight Generic Type Argument Local Privilege Escalation Vulnerability
- http://www.vupen.com/english/advisories/2011/0076
- http://www.exploit-db.com/exploits/15974
  Mono/Moonlight Generic Type Argument - Privilege Escalation - Linux dos Exploit
- https://bugzilla.novell.com/show_bug.cgi?id=654136
  Bug 654136 – Insufficient validation of generic type arguments during reflection allows violation of the type system
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2011:001
- https://bugzilla.novell.com/show_bug.cgi?id=655847
- http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability
  Vulnerabilities | Mono
Products affected by CVE-2010-4254
- cpe:2.3:a:novell:moonlight:*:*:*:*:*:*:*:*
- cpe:2.3:a:novell:moonlight:2.99.0:*:*:*:*:*:*:*
- cpe:2.3:a:novell:moonlight:2.99.7:*:*:*:*:*:*:*
- cpe:2.3:a:novell:moonlight:2.99.9:*:*:*:*:*:*:*
- cpe:2.3:a:novell:moonlight:2.99.1:*:*:*:*:*:*:*
- cpe:2.3:a:novell:moonlight:2.99.2:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*