CVE-2011-0991 : Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attack

Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance.

Published 2011-04-13 21:55:01

Updated 2017-08-17 01:33:46

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2011-0991

Probability of exploitation activity in the next 30 days: 2.89%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-0991

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2011-0991

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-0991

https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c

Don't use finalization to cleanup dynamic methods. · mono/mono@89d1455 · GitHub
Patch
http://www.securityfocus.com/bid/47208

Moonlight Prior to 2.4.1/3.99.3 Multiple Security Vulnerabilities

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html

openSUSE-SU-2011:0313-1 (critical): moonlight security update

CVEs referencing this url
https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0

Implement a reference queue API. · mono/mono@8eb1189 · GitHub
Patch
https://bugzilla.novell.com/show_bug.cgi?id=667077

Bug 667077 – VUL-0: Moonlight Multiple Vulnerabilities
Patch

CVEs referencing this url
http://www.mono-project.com/Vulnerabilities

Vulnerabilities | Mono
Vendor Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2011/0904

Webmail | OVH- OVH
Vendor Advisory

CVEs referencing this url
https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a

Don't use finalization to cleanup dynamic methods. · mono/mono@3f8ee42 · GitHub
Patch
https://bugzilla.novell.com/show_bug.cgi?id=660422

Bug 660422 – Dynamic method can be finalized before it is called
https://exchange.xforce.ibmcloud.com/vulnerabilities/66626

Momo Moonlight DynamicMethod code execution CVE-2011-0991 Vulnerability Report
http://openwall.com/lists/oss-security/2011/04/06/14

oss-security - Moonlight release 2.4.1 with security fixes
Patch

CVEs referencing this url

Products affected by CVE-2011-0991

Novell » Moonlight » Version: 3.99
cpe:2.3:a:novell:moonlight:3.99:*:*:*:*:*:*:*
Matching versions
Novell » Moonlight » Version: 2.31
cpe:2.3:a:novell:moonlight:2.31:*:*:*:*:*:*:*
Matching versions
Novell » Moonlight » Version: 2.0
cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*
Matching versions
Novell » Moonlight » Version: 3.0
cpe:2.3:a:novell:moonlight:3.0:*:*:*:*:*:*:*
Matching versions
Novell » Moonlight » Version: 2.3.0
cpe:2.3:a:novell:moonlight:2.3.0:*:*:*:*:*:*:*
Matching versions
Novell » Moonlight » Version: 2.4
cpe:2.3:a:novell:moonlight:2.4:*:*:*:*:*:*:*
Matching versions
Mono » Mono
cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-0991

Exploit prediction scoring system (EPSS) score for CVE-2011-0991

CVSS scores for CVE-2011-0991

CWE ids for CVE-2011-0991

References for CVE-2011-0991

Products affected by CVE-2011-0991