CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2012-3422 – icedtea-web: getvalueforurl uninitialized instance pointer
https://notcve.org/view.php?id=CVE-2012-3422
07 Aug 2012 — The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read. La función getFirstInTableInstance en el complemento IcedTea-Web anteior a v1.2.1 devuelve un puntero no inicializado cuando el hash instance_to_id_map está vacío, lo que perm... • http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 2%CPEs: 3EXPL: 2CVE-2012-3423 – icedtea-web: incorrect handling of not 0-terminated strings
https://notcve.org/view.php?id=CVE-2012-3423
07 Aug 2012 — The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet. El complemento IcedTea-Web anterior a v1.2.1 no maneja adecuadamente los (NPVariant) (NPStrings) sin terminadores NUL, lo que permite a atacantes remotos causar una denegación de servicio (caída), obtener información sensible de la memoria, o ... • http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •