VYPR
Unrated severityNVD Advisory· Published Apr 13, 2011· Updated Jun 16, 2026

CVE-2011-0989

CVE-2011-0989

Description

The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9
  • Mono/Mono2 versions
    cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*
    • (no CPE)
  • Novell/Moonlight6 versions
    cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:moonlight:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:moonlight:2.31:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:moonlight:2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:moonlight:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:moonlight:3.99:*:*:*:*:*:*:*
  • Mono/Moonlightllm-fuzzy
    Range: <2.4.1 (2.x) or <3.99.3 (3.x)

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.