CVE-2012-3423
published 2012-08-07CVE-2012-3423: The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | icedtea-web | < icedtea-web 1.3-1 (bookworm) | icedtea-web 1.3-1 (bookworm) |
| redhat | icedtea-web | <= 1.2 | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | — | — |
| redhat | icedtea-web | >= 0 < 1.3-1 | 1.3-1 |
| redhat | icedtea-web | >= 0 < 1.3-1 | 1.3-1 |
| redhat | icedtea-web | >= 0 < 1.3-1 | 1.3-1 |
| redhat | icedtea-web | >= 0 < 1.3-1 | 1.3-1 |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH