CVE-2012-4420 — Sensitive Information Exposure in Java-1.7.0-openjdk

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 22.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Java-1.7.0-openjdk Oracle JDK

Timeline

PublishedDec 26

Latest updateApr 23

Description

An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5java-1.7.0-openjdk/java-1.7.0-openjdk1.7.0_04 to 1.7.0_10

▶NVDoracle/jdk7.0

🔴Vulnerability Details

GHSA

GHSA-qmhj-qfmf-95g9: An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly in↗2022-04-23

▶

CVEList

CVE-2012-4420: An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly in↗2019-12-26

▶

📋Vendor Advisories

Red Hat

java-1.7.0-openjdk: JVM heap memory disclosure↗2012-09-07

▶

💬Community

Bugzilla

CVE-2012-4420 java-1.7.0-openjdk: JVM heap memory disclosure↗2012-09-12

▶