CVE-2011-0991

Description

Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance.

Category

6.8
CVSS
Severity: Medium
CVSS 2.0 •
EPSS 2.71% Top 15%
Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory mono-project.com Vendor Advisory vupen.com
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
https://bugzilla.novell.com/show_bug.cgi?id=660422
https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66626 vdb entry
https://bugzilla.novell.com/show_bug.cgi?id=667077 patch
http://www.securityfocus.com/bid/47208 vdb entry
https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a patch
http://openwall.com/lists/oss-security/2011/04/06/14 mailing list patch
http://secunia.com/advisories/44002 third party advisory vendor advisory
http://www.mono-project.com/Vulnerabilities vendor advisory
http://secunia.com/advisories/44076 third party advisory vendor advisory
http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html mailing list
http://www.vupen.com/english/advisories/2011/0904 vdb entry vendor advisory
https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0 patch

Frequently Asked Questions

What is the severity of CVE-2011-0991?
CVE-2011-0991 has been scored as a medium severity vulnerability.
How to fix CVE-2011-0991?
To fix CVE-2011-0991, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2011-0991 being actively exploited in the wild?
It is possible that CVE-2011-0991 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~3% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.