Unrated severityNVD Advisory· Published Dec 6, 2010· Updated Apr 29, 2026
CVE-2010-4254
CVE-2010-4254
Description
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
Affected products
7cpe:2.3:a:novell:moonlight:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:novell:moonlight:*:*:*:*:*:*:*:*range: <=2.3.0
- cpe:2.3:a:novell:moonlight:2.99.0:*:*:*:*:*:*:*
- cpe:2.3:a:novell:moonlight:2.99.1:*:*:*:*:*:*:*
- cpe:2.3:a:novell:moonlight:2.99.2:*:*:*:*:*:*:*
- cpe:2.3:a:novell:moonlight:2.99.7:*:*:*:*:*:*:*
- cpe:2.3:a:novell:moonlight:2.99.9:*:*:*:*:*:*:*
Patches
3cf1ec146f7c6Handle invalid instantiation of generic methods.
3 files changed · +19 −0
mono/metadata/reflection.c+3 −0 modified@@ -10605,6 +10605,9 @@ mono_reflection_bind_generic_method_parameters (MonoReflectionMethod *rmethod, M mono_g_hash_table_insert (image->generic_def_objects, imethod, rmethod); mono_loader_unlock (); } + + if (!mono_verifier_is_method_valid_generic_instantiation (inflated)) + mono_raise_exception (mono_get_exception_argument ("typeArguments", "Invalid generic arguments")); return mono_method_get_object (mono_object_domain (rmethod), inflated, NULL); }
mono/metadata/verify.c+15 −0 modified@@ -6042,6 +6042,14 @@ mono_verifier_class_is_valid_generic_instantiation (MonoClass *class) return mono_class_is_valid_generic_instantiation (NULL, class); } +gboolean +mono_verifier_is_method_valid_generic_instantiation (MonoMethod *method) +{ + if (!method->is_inflated) + return TRUE; + return mono_method_is_valid_generic_instantiation (NULL, method); +} + #else gboolean @@ -6113,5 +6121,12 @@ mono_verifier_class_is_valid_generic_instantiation (MonoClass *class) return TRUE; } +gboolean +mono_verifier_is_method_valid_generic_instantiation (MonoMethod *method) +{ + return TRUE; +} + + #endif
mono/metadata/verify-internals.h+1 −0 modified@@ -22,6 +22,7 @@ gboolean mono_verifier_is_enabled_for_class (MonoClass *klass) MONO_INTERNAL; gboolean mono_verifier_is_method_full_trust (MonoMethod *method) MONO_INTERNAL; gboolean mono_verifier_is_class_full_trust (MonoClass *klass) MONO_INTERNAL; gboolean mono_verifier_class_is_valid_generic_instantiation (MonoClass *class) MONO_INTERNAL; +gboolean mono_verifier_is_method_valid_generic_instantiation (MonoMethod *method) MONO_INTERNAL; gboolean mono_verifier_verify_class (MonoClass *klass) MONO_INTERNAL;
65292a69c837Handle invalid instantiation of generic methods.
3 files changed · +19 −0
mono/metadata/reflection.c+3 −0 modified@@ -10539,6 +10539,9 @@ mono_reflection_bind_generic_method_parameters (MonoReflectionMethod *rmethod, M mono_g_hash_table_insert (image->generic_def_objects, imethod, rmethod); mono_loader_unlock (); } + + if (!mono_verifier_is_method_valid_generic_instantiation (inflated)) + mono_raise_exception (mono_get_exception_argument ("typeArguments", "Invalid generic arguments")); return mono_method_get_object (mono_object_domain (rmethod), inflated, NULL); }
mono/metadata/verify.c+15 −0 modified@@ -5958,6 +5958,14 @@ mono_verifier_class_is_valid_generic_instantiation (MonoClass *class) return mono_class_is_valid_generic_instantiation (NULL, class); } +gboolean +mono_verifier_is_method_valid_generic_instantiation (MonoMethod *method) +{ + if (!method->is_inflated) + return TRUE; + return mono_method_is_valid_generic_instantiation (NULL, method); +} + #else gboolean @@ -6029,5 +6037,12 @@ mono_verifier_class_is_valid_generic_instantiation (MonoClass *class) return TRUE; } +gboolean +mono_verifier_is_method_valid_generic_instantiation (MonoMethod *method) +{ + return TRUE; +} + + #endif
mono/metadata/verify-internals.h+1 −0 modified@@ -22,6 +22,7 @@ gboolean mono_verifier_is_enabled_for_class (MonoClass *klass) MONO_INTERNAL; gboolean mono_verifier_is_method_full_trust (MonoMethod *method) MONO_INTERNAL; gboolean mono_verifier_is_class_full_trust (MonoClass *klass) MONO_INTERNAL; gboolean mono_verifier_class_is_valid_generic_instantiation (MonoClass *class) MONO_INTERNAL; +gboolean mono_verifier_is_method_valid_generic_instantiation (MonoMethod *method) MONO_INTERNAL; gboolean mono_verifier_verify_class (MonoClass *klass) MONO_INTERNAL;
4905ef1130feHandle invalid instantiation of generic methods.
3 files changed · +19 −0
mono/metadata/reflection.c+3 −0 modified@@ -10176,6 +10176,9 @@ mono_reflection_bind_generic_method_parameters (MonoReflectionMethod *rmethod, M mono_g_hash_table_insert (image->generic_def_objects, imethod, rmethod); mono_loader_unlock (); } + + if (!mono_verifier_is_method_valid_generic_instantiation (inflated)) + mono_raise_exception (mono_get_exception_argument ("typeArguments", "Invalid generic arguments")); return mono_method_get_object (mono_object_domain (rmethod), inflated, NULL); }
mono/metadata/verify.c+15 −0 modified@@ -6533,6 +6533,14 @@ mono_verifier_class_is_valid_generic_instantiation (MonoClass *class) return mono_class_is_valid_generic_instantiation (NULL, class); } +gboolean +mono_verifier_is_method_valid_generic_instantiation (MonoMethod *method) +{ + if (!method->is_inflated) + return TRUE; + return mono_method_is_valid_generic_instantiation (NULL, method); +} + #else gboolean @@ -6611,5 +6619,12 @@ mono_verifier_class_is_valid_generic_instantiation (MonoClass *class) return TRUE; } +gboolean +mono_verifier_is_method_valid_generic_instantiation (MonoMethod *method) +{ + return TRUE; +} + + #endif
mono/metadata/verify-internals.h+1 −0 modified@@ -22,6 +22,7 @@ gboolean mono_verifier_is_enabled_for_class (MonoClass *klass) MONO_INTERNAL; gboolean mono_verifier_is_method_full_trust (MonoMethod *method) MONO_INTERNAL; gboolean mono_verifier_is_class_full_trust (MonoClass *klass) MONO_INTERNAL; gboolean mono_verifier_class_is_valid_generic_instantiation (MonoClass *class) MONO_INTERNAL; +gboolean mono_verifier_is_method_valid_generic_instantiation (MonoMethod *method) MONO_INTERNAL; gboolean mono_verifier_verify_class (MonoClass *klass) MONO_INTERNAL;
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
13- github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399nvdPatch
- github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358nvdPatch
- github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcacnvdPatch
- secunia.com/advisories/42373nvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.htmlnvd
- secunia.com/advisories/42877nvd
- www.exploit-db.com/exploits/15974nvd
- www.mono-project.com/Vulnerabilitiesnvd
- www.securityfocus.com/bid/45051nvd
- www.vupen.com/english/advisories/2011/0076nvd
- bugzilla.novell.com/show_bug.cginvd
- bugzilla.novell.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.