CVE-2011-0990 : Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x bef

Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.

Published 2011-04-13 21:55:01

Updated 2017-08-17 01:33:46

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2011-0990

Probability of exploitation activity in the next 30 days: 8.00%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-0990

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:P	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2011-0990

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-0990

http://www.securityfocus.com/bid/47208

Moonlight Prior to 2.4.1/3.99.3 Multiple Security Vulnerabilities

CVEs referencing this url
https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c

Disable some of the FastCopy fast paths since they are racy. · mono/mono@2f00e4b · GitHub
Patch
http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html

openSUSE-SU-2011:0313-1 (critical): moonlight security update

CVEs referencing this url
https://bugzilla.novell.com/show_bug.cgi?id=667077

Bug 667077 – VUL-0: Moonlight Multiple Vulnerabilities
Patch

CVEs referencing this url
http://www.mono-project.com/Vulnerabilities

Vulnerabilities | Mono

CVEs referencing this url
http://www.vupen.com/english/advisories/2011/0904

Webmail | OVH- OVH
Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/66625

Momo Moonlight Array.Copy security bypass CVE-2011-0990 Vulnerability Report
http://openwall.com/lists/oss-security/2011/04/06/14

oss-security - Moonlight release 2.4.1 with security fixes
Patch

CVEs referencing this url

Products affected by CVE-2011-0990

Novell » Moonlight » Version: 3.99
cpe:2.3:a:novell:moonlight:3.99:*:*:*:*:*:*:*
Matching versions
Novell » Moonlight » Version: 2.31
cpe:2.3:a:novell:moonlight:2.31:*:*:*:*:*:*:*
Matching versions
Novell » Moonlight » Version: 2.0
cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*
Matching versions
Novell » Moonlight » Version: 3.0
cpe:2.3:a:novell:moonlight:3.0:*:*:*:*:*:*:*
Matching versions
Novell » Moonlight » Version: 2.3.0
cpe:2.3:a:novell:moonlight:2.3.0:*:*:*:*:*:*:*
Matching versions
Novell » Moonlight » Version: 2.4
cpe:2.3:a:novell:moonlight:2.4:*:*:*:*:*:*:*
Matching versions
Mono » Mono
cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-0990

Exploit prediction scoring system (EPSS) score for CVE-2011-0990

CVSS scores for CVE-2011-0990

CWE ids for CVE-2011-0990

References for CVE-2011-0990

Products affected by CVE-2011-0990