CVE-2012-3422

CWE-119Buffer Overflow9 documents8 sources
Severity
6.8MEDIUM
EPSS
1.2%
top 21.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Icedtea-web
Timeline
PublishedAug 7
Latest updateMay 17

Description

The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

Debianicedtea-web< 1.3-1+3

🔴Vulnerability Details

3
GHSA
GHSA-qwm3-gpj3-x6c9: The getFirstInTableInstance function in the IcedTea-Web plugin before 12022-05-17
CVEList
CVE-2012-3422: The getFirstInTableInstance function in the IcedTea-Web plugin before 12012-08-07
OSV
CVE-2012-3422: The getFirstInTableInstance function in the IcedTea-Web plugin before 12012-08-07

📋Vendor Advisories

3
Red Hat
icedtea-web: getvalueforurl uninitialized instance pointer2012-07-31
Ubuntu
IcedTea-Web vulnerabilities2012-07-31
Debian
CVE-2012-3422: icedtea-web - The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 retu...2012

💬Community

2
Bugzilla
CVE-2012-3422 CVE-2012-3423 icedtea-web various flaws [fedora-all]2012-07-31
Bugzilla
CVE-2012-3422 icedtea-web: getvalueforurl uninitialized instance pointer2012-07-16
CVE-2012-3422 (MEDIUM CVSS 6.8) | The getFirstInTableInstance functio | cvebase.io