Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-aye3-ueka-vfbx
Vulnerability ID VCID-aye3-ueka-vfbx
Aliases CVE-2012-3423
Summary The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.0278 https://api.first.org/data/v1/epss?cve=CVE-2012-3423
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3423.json
https://api.first.org/data/v1/epss?cve=CVE-2012-3423
841345 https://bugzilla.redhat.com/show_bug.cgi?id=841345
GLSA-201406-32 https://security.gentoo.org/glsa/201406-32
RHSA-2012:1132 https://access.redhat.com/errata/RHSA-2012:1132
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.86335
EPSS Score 0.0278
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:38:51.476866+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0