CVE-2012-3423

EPSS 2.8%

Published: 8/7/2012Modified: 4/28/2026

Also known as:DEBIAN-CVE-2012-3423

Description

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.

Affected packages (1)

Debian/icedtea-webfrom 0, < 1.3-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-3423