CVE-2012-4420 - OpenCVE

An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle	Jdk

Configuration 1 [-]

cpe:2.3:a:oracle:jdk:7.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2012/09/13/3
http://www.securityfocus.com/bid/55538
https://access.redhat.com/security/cve/cve-2012-4420
https://bugs.java.com/bugdatabase/view_bug.do?bug_id=7196857
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4420
https://exchange.xforce.ibmcloud.com/vulnerabilities/78693
https://nvd.nist.gov/vuln/detail/CVE-2012-4420
https://www.cve.org/CVERecord?id=CVE-2012-4420
https://www.openwall.com/lists/oss-security/2012/09/12/4

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2019-12-26T20:46:04

Updated: 2024-08-06T20:35:09.464Z

Reserved: 2012-08-21T00:00:00

Link: CVE-2012-4420

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-12-26T21:15:11.087

Modified: 2020-01-14T17:33:36.177

Link: CVE-2012-4420

Redhat

Severity :

Publid Date: 2012-09-07T00:00:00Z

Links: CVE-2012-4420 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "java-1.7.0-openjdk", "vendor": "java-1.7.0-openjdk", "versions": [{"status": "affected", "version": "1.7.0_04 to 1.7.0_10"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information."}], "problemTypes": [{"descriptions": [{"description": "Other", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-26T20:46:04", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4420"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2012-4420"}, {"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78693"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2012/09/13/3"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securityfocus.com/bid/55538"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2012/09/12/4"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.java.com/bugdatabase/view_bug.do?bug_id=7196857"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:35:09.464Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4420"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2012-4420"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78693"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/09/13/3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securityfocus.com/bid/55538"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2012/09/12/4"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.java.com/bugdatabase/view_bug.do?bug_id=7196857"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-4420", "datePublished": "2019-12-26T20:46:04", "dateReserved": "2012-08-21T00:00:00", "dateUpdated": "2024-08-06T20:35:09.464Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "8D88D770-A679-4CD1-9203-925F2B17AE6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de divulgaci\u00f3n de informaci\u00f3n en la manera en que la implementaci\u00f3n Java Virtual Machine (JVM) de Java SE 7 seg\u00fan lo dispuesto por OpenJDK 7 inicializ\u00f3 incorrectamente matrices enteras despu\u00e9s de la asignaci\u00f3n de memoria (en determinadas circunstancias ten\u00edan elementos distintos de cero inmediatamente despu\u00e9s de la asignaci\u00f3n). Un atacante remoto podr\u00eda utilizar este fallo para obtener informaci\u00f3n potencialmente confidencial."}], "id": "CVE-2012-4420", "lastModified": "2020-01-14T17:33:36.177", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-26T21:15:11.087", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/09/13/3"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/55538"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2012-4420"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugs.java.com/bugdatabase/view_bug.do?bug_id=7196857"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4420"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78693"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2012/09/12/4"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "java-1.7.0-openjdk: JVM heap memory disclosure", "id": "856588", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=856588"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "draft"}, "details": ["An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information."], "name": "CVE-2012-4420", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.4.2-ibm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.4.2-ibm-sap", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.5.0-ibm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.6.0-ibm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.6.0-openjdk", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.6.0-sun", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.4.2-ibm-sap", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.5.0-ibm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.6.0-ibm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.6.0-openjdk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.6.0-sun", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.7.0-ibm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.7.0-openjdk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.7.0-oracle", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-09-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-4420\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-4420"], "statement": "This flaw was found to be a duplicate of CVE-2012-4416. Please see https://access.redhat.com/security/cve/CVE-2012-4416 for information about affected products and security errata."}