VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Apr 13, 2011· Updated Apr 29, 2026

CVE-2011-0992

CVE-2011-0992

Description

Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.

Affected products

7
  • Mono/Mono
    cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*
  • Novell/Moonlight6 versions
    cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:moonlight:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:moonlight:2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:moonlight:2.31:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:moonlight:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:novell:moonlight:3.99:*:*:*:*:*:*:*

Patches

1
722f9890f09a

Fix access to freed members of a dead thread

https://github.com/mono/monoSebastien PouliotApr 6, 2011via nvd-ref
commit
1 file changed · +8 3
  • mono/metadata/threads.c+8 3 modified
    @@ -1036,12 +1036,17 @@ void ves_icall_System_Threading_InternalThread_Thread_free_internal (MonoInterna
 		CloseHandle (thread);
 
 	if (this->synch_cs) {
-		DeleteCriticalSection (this->synch_cs);
-		g_free (this->synch_cs);
+		CRITICAL_SECTION *synch_cs = this->synch_cs;
 		this->synch_cs = NULL;
+		DeleteCriticalSection (synch_cs);
+		g_free (synch_cs);
 	}
 
-	g_free (this->name);
+	if (this->name) {
+		void *name = this->name;
+		this->name = NULL;
+		g_free (name);
+	}
 }
 
 static void mono_thread_start (MonoThread *thread)

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

12

News mentions

0

No linked articles in our index yet.