En

Mono官网安全更新(2009-02-22)

来源:Mono官网 发布日期:2009-02-22 阅读次数:222 评论:0

基本信息

发布日期:2009-02-22(官方当地时间)

更新类型:安全更新

更新版本:未知

感知时间:2019-12-05 19:41:50

风险等级:未知

情报贡献:TSRC

更新标题

string-to-double parser bug

更新详情

CVE: CVE-2009-0689Mono’s string-to-double parser may crash, on specially crafted input.
This could theoretically lead to arbitrary code execution.The following sample program may crash the runtime, on affected versions:using System;
class Test
{
static void Main()
{
string input = "1." + new string('1', 294912);
Double.Parse(input);
}
}
Versions affected:
All versions prior to 4.2.0.179
Versions fixed:
3.10.0-0xamarin4, 3.12.1-0xamarin2, 3.8.0-0xamarin3, 4.0.5.1-0xamarin2 packages in our Debian security repositories.
Individual patch for affected versions:https://gist.github.com/directhex/01e853567fd2cc74ed39Credits:
Peter McLarnan Peter.McLarnan@nccgroup.trust
Andy Schmitz andy.schmitz@nccgroup.trust

软件描述

Mono是一个软件平台,旨在使开发人员可以轻松创建.NET Foundation一部分的跨平台应用程序。

CVE编号

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入