Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-3422
Last Modified: 04 Oct 2014 12:53:51
Published: 07 Aug 2012 05:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-3422

Summary

The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.

Vulnerable Systems

Application

  • Redhat Icedtea-web 1.0

  • Redhat Icedtea-web 1.1

  • Redhat Icedtea-web 1.2


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=840592

UBUNTU - USN-1521-1

SECUNIA - 50089

REDHAT - RHSA-2012:1132

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS

SUSE - openSUSE-SU-2012:0982

SUSE - openSUSE-SU-2012:0981

SUSE - SUSE-SU-2012:0979

SUSE - openSUSE-SU-2013:0966

SUSE - openSUSE-SU-2013:0893

SUSE - openSUSE-SU-2013:0826

SUSE - SUSE-SU-2013:0851

SUSE - SUSE-SU-2013:1174

GENTOO - GLSA-201406-32

Related Patches

Novell SUSE 2012:6621 icedtea-web security update for SLED 11 SP1 i586

Novell SUSE 2012:6621 icedtea-web security update for SLED 11 SP1 x86_64

Novell SUSE 2012:6626 icedtea-web security update for SLED 11 SP2 i586

Novell SUSE 2012:6626 icedtea-web security update for SLED 11 SP2 x86_64


Last Updated: 27 May 2016 10:55:02