CVE-2012-3423

CWE-119 — Buffer Overflow9 documents8 sources

Severity

7.5HIGH

EPSS

2.8%

top 13.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Icedtea-web

Timeline

PublishedAug 7

Latest updateMay 17

Description

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debianicedtea-web< 1.3-1+3

▶NVDredhat/icedtea-web1.2+2

Patches

Patch: icedtea.classpath.org ↗Patch: icedtea.classpath.org ↗Patch: icedtea.classpath.org ↗

🔴Vulnerability Details

GHSA

GHSA-wg7g-m9g6-qcmw: The IcedTea-Web plugin before 1↗2022-05-17

▶

CVEList

CVE-2012-3423: The IcedTea-Web plugin before 1↗2012-08-07

▶

OSV

CVE-2012-3423: The IcedTea-Web plugin before 1↗2012-08-07

▶

📋Vendor Advisories

Red Hat

icedtea-web: incorrect handling of not 0-terminated strings↗2012-07-31

▶

Ubuntu

IcedTea-Web vulnerabilities↗2012-07-31

▶

Debian

CVE-2012-3423: icedtea-web - The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings...↗2012

▶

💬Community

Bugzilla

CVE-2012-3422 CVE-2012-3423 icedtea-web various flaws [fedora-all]↗2012-07-31

▶

Bugzilla

CVE-2012-3423 icedtea-web: incorrect handling of not 0-terminated strings↗2012-07-18

▶