CVE-2012-3422
published 2012-08-07CVE-2012-3422: The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which…
medium6.8CVSS 3.1
AVNACMAuNCPIPAP
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | icedtea-web | < icedtea-web 1.3-1 (bookworm) | icedtea-web 1.3-1 (bookworm) |
| redhat | icedtea-web | <= 1.2 | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | >= 0 < 1.3-1 | 1.3-1 |
| redhat | icedtea-web | >= 0 < 1.3-1 | 1.3-1 |
| redhat | icedtea-web | >= 0 < 1.3-1 | 1.3-1 |
| redhat | icedtea-web | >= 0 < 1.3-1 | 1.3-1 |
CVSS provenance
nvd6.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM