CVE-2012-4420
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information.
Se encontró un fallo de divulgación de información en la manera en que la implementación Java Virtual Machine (JVM) de Java SE 7 según lo dispuesto por OpenJDK 7 inicializó incorrectamente matrices enteras después de la asignación de memoria (en determinadas circunstancias tenían elementos distintos de cero inmediatamente después de la asignación). Un atacante remoto podría utilizar este fallo para obtener información potencialmente confidencial.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-08-21 CVE Reserved
- 2019-12-26 CVE Published
- 2024-05-23 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/09/13/3 | Mailing List |
|
| http://www.securityfocus.com/bid/55538 | Third Party Advisory | |
| https://access.redhat.com/security/cve/cve-2012-4420 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4420 | Issue Tracking | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78693 | Third Party Advisory | |
| https://www.openwall.com/lists/oss-security/2012/09/12/4 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://bugs.java.com/bugdatabase/view_bug.do?bug_id=7196857 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|