Race Condition Vulnerability in Mono's FastCopy Optimization for Moonlight
CVE-2011-0990

Currently unrated

Key Information:

Vendor: Novell
Status: Moonlight; Mono
Vendor: CVE Published:; 13 April 2011

Summary

A race condition in the FastCopy optimization of the Array.Copy method in Mono can be exploited by remote attackers through specially crafted media files. This vulnerability allows a thread to alter internal data structures post-type check but pre-copy action, potentially leading to a buffer overflow. As a consequence, it could cause a denial of service by crashing the plugin or compromising the internal state of the security manager.

References

https://bugzilla.novell.com/show_bug.cgi?id=667077

x_refsource_CONFIRM

http://www.securityfocus.com/bid/47208

vdb-entryx_refsource_BID

http://openwall.com/lists/oss-security/2011/04/06/14

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Apr 13, 2011
Vulnerability Reserved
Feb 14, 2011