FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mono -- DoS and code execution

Affected packages
mono < 4.2

Details

VuXML ID 4b3a7e70-afce-11e5-b864-14dae9d210b8
Discovery 2015-12-19
Entry 2015-12-31

NCC Group reports:

An attacker who can cause a carefully-chosen string to be converted to a floating-point number can cause a crash and potentially induce arbitrary code execution.

References

CVE Name CVE-2009-0689
URL http://seclists.org/oss-sec/2015/q4/543