CVE-2011-0989
First published: Fri Apr 08 2011(Updated: )
It was reported [1] that threads in Mono were not properly cleaned up upon finalization, so if one thread was resurrected, it would be possible to see the pointer to freed memory. This could lead to unintended information disclosure, and possibly a crash. This has been corrected upstream [2]. [1] <a href="https://bugzilla.novell.com/show_bug.cgi?id=678515">https://bugzilla.novell.com/show_bug.cgi?id=678515</a> [2] <a href="https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91">https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moonlight | =3.0 | |
| Moonlight | =2.4 | |
| Moonlight | =2.31 | |
| Moonlight | =3.99 | |
| Mono | ||
| Moonlight | =2.3.0 | |
| Moonlight | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/44002
- https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e
- http://www.vupen.com/english/advisories/2011/0904
- http://www.securityfocus.com/bid/47208
- http://openwall.com/lists/oss-security/2011/04/06/14
- https://bugzilla.novell.com/show_bug.cgi?id=667077
- http://www.mono-project.com/Vulnerabilities
- http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html
- http://secunia.com/advisories/44076
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66624
- https://bugzilla.novell.com/show_bug.cgi?id=678515
- https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=694934
- https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c
- https://bugzilla.novell.com/show_bug.cgi?id=660422
- https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a
- https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c
- https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=694933
- https://bugzilla.redhat.com/show_bug.cgi?id=694933
Frequently Asked Questions
What is the severity of CVE-2011-0989?
CVE-2011-0989 has a severity level that indicates potential for information disclosure and system crashes.
How do I fix CVE-2011-0989?
To remediate CVE-2011-0989, upgrade to the latest version of Mono or Novell Moonlight that includes the fix.
What types of software are affected by CVE-2011-0989?
CVE-2011-0989 affects multiple versions of Mono and Novell Moonlight, specifically versions such as 2.0, 2.3.0, 2.4, 2.31, 3.0, and 3.99.
What potential impact does CVE-2011-0989 have on my system?
CVE-2011-0989 can lead to unintended information disclosure and may cause a crash if a thread is resurrected.
Is there a patch available for CVE-2011-0989?
Yes, a patch for CVE-2011-0989 has been made available in the upstream releases.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-0989
- agent/weakness
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/novell
- canonical/moonlight
- version/moonlight/3.0
- version/moonlight/2.4
- version/moonlight/2.31
- version/moonlight/3.99
- vendor/mono
- canonical/mono
- version/moonlight/2.3.0
- version/moonlight/2.0