Vulnerability Details : CVE-2007-5197
Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2007-5197
- cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.13.6:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.13.7:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.17.1:*:*:*:*:*:*:*
Threat overview for CVE-2007-5197
- Top open port discovered on systems with this issue: 8989
- IPs affected by CVE-2007-5197: 44,827
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2007-5197
- 2.13%: probability of exploitation activity in the next 30 days
- ~89%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-5197
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2007-5197
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5197
- http://www.securitytracker.com/id?1018892
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38248
  Mono Mono.Math.BigInteger integer overflow CVE-2007-5197 Vulnerability Report
- http://www.novell.com/linux/security/advisories/2007_23_sr.html
- http://bugs.gentoo.org/show_bug.cgi?id=197067
  197067 – dev-lang/mono < 1.2.5-r1 Buffer overflow in BigInteger (CVE-2007-5197)
- http://www.ubuntu.com/usn/usn-553-1
  USN-553-1: Mono vulnerability | Ubuntu security notices | Ubuntu
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html
  [SECURITY] Fedora 7 Update: mono-1.2.3-5.fc7
- http://www.debian.org/security/2007/dsa-1397
  [SECURITY] [DSA 1397-1] New mono packages fix integer overflow
- https://bugzilla.redhat.com/show_bug.cgi?id=367471
  367471 – (CVE-2007-5197) CVE-2007-5197: mono Math.BigInteger buffer overflow
- http://www.securityfocus.com/bid/26279
- http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml
  Mono: Buffer overflow (GLSA 200711-10) — Gentoo security
- http://www.vupen.com/english/advisories/2007/3716
- http://bugs.gentoo.org/attachment.cgi?id=134361&action=view
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:218
  Mandriva