CVE-2011-0992 - Vulnerability Details - OpenCVE

Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mono	Mono
Novell	Moonlight

Configuration 1 [-]

OR	cpe:2.3:a:mono:mono::::::::
	cpe:2.3:a:novell:moonlight:2.0:::::::*
	cpe:2.3:a:novell:moonlight:2.3.0:::::::*
	cpe:2.3:a:novell:moonlight:2.4:::::::*
	cpe:2.3:a:novell:moonlight:2.31:::::::*
	cpe:2.3:a:novell:moonlight:3.0:::::::*
	cpe:2.3:a:novell:moonlight:3.99:::::::*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html
http://openwall.com/lists/oss-security/2011/04/06/14
http://secunia.com/advisories/44002
http://secunia.com/advisories/44076
http://www.mono-project.com/Vulnerabilities
http://www.securityfocus.com/bid/47208
http://www.vupen.com/english/advisories/2011/0904
https://bugzilla.novell.com/show_bug.cgi?id=667077
https://bugzilla.novell.com/show_bug.cgi?id=678515
https://bugzilla.redhat.com/show_bug.cgi?id=694933
https://exchange.xforce.ibmcloud.com/vulnerabilities/66627
https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-04-13T21:00:00

Updated: 2024-08-06T22:14:26.539Z

Reserved: 2011-02-14T00:00:00

Link: CVE-2011-0992

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-04-13T21:55:00.890

Modified: 2024-11-21T01:25:15.877

Link: CVE-2011-0992

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-04-06T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "momo-monothread-info-disclosure(66627)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"}, {"name": "47208", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/47208"}, {"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/04/06/14"}, {"name": "44002", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44002"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mono-project.com/Vulnerabilities"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"}, {"name": "44076", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44076"}, {"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"}, {"name": "ADV-2011-0904", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0904"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0992", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "momo-monothread-info-disclosure(66627)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"}, {"name": "https://bugzilla.novell.com/show_bug.cgi?id=678515", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"}, {"name": "https://bugzilla.novell.com/show_bug.cgi?id=667077", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"}, {"name": "47208", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47208"}, {"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/04/06/14"}, {"name": "44002", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44002"}, {"name": "http://www.mono-project.com/Vulnerabilities", "refsource": "CONFIRM", "url": "http://www.mono-project.com/Vulnerabilities"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=694933", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"}, {"name": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91", "refsource": "CONFIRM", "url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"}, {"name": "44076", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44076"}, {"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update", "refsource": "MLIST", "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"}, {"name": "ADV-2011-0904", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0904"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:14:26.539Z"}, "title": "CVE Program Container", "references": [{"name": "momo-monothread-info-disclosure(66627)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"}, {"name": "47208", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/47208"}, {"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/04/06/14"}, {"name": "44002", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44002"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mono-project.com/Vulnerabilities"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"}, {"name": "44076", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44076"}, {"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"}, {"name": "ADV-2011-0904", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0904"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0992", "datePublished": "2011-04-13T21:00:00", "dateReserved": "2011-02-14T00:00:00", "dateUpdated": "2024-08-06T22:14:26.539Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*", "matchCriteriaId": "E062208D-082B-4BFD-85CA-3848ECE6F8CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "711824C0-5BFC-4D3A-BAB2-84B8F20BDD7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:moonlight:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C74F2C01-7E26-474A-B8CA-EFCC5C91D83D", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:moonlight:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "704EB745-3307-4903-8B3B-DCC6682EE228", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:moonlight:2.31:*:*:*:*:*:*:*", "matchCriteriaId": "DB7A6358-630E-43FA-B2B8-C99A8808BB09", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:moonlight:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AADDCD5B-D116-4BFC-BD2B-4EB6F4470359", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:moonlight:3.99:*:*:*:*:*:*:*", "matchCriteriaId": "21676825-737D-4071-A7F1-BFB6047215F1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance."}, {"lang": "es", "value": "Vulnerabilidad de tipo usar despu\u00e9s de liberar en Mono, si Moonlight v2.x anteriores a 2.4.1 o 3.x anteriores a 3.99.3 es utilizado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda o cuelgue del plugin) u obtener informaci\u00f3n confidencial a trav\u00e9s de datos miembros de una instancia \"resurrected MonoThread\"."}], "id": "CVE-2011-0992", "lastModified": "2024-11-21T01:25:15.877", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-04-13T21:55:00.890", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/04/06/14"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44002"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44076"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.mono-project.com/Vulnerabilities"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47208"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0904"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"}, {"source": "cve@mitre.org", "url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/04/06/14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mono-project.com/Vulnerabilities"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47208"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0904"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}