CVE-2012-4420

2019-12-2620:46:04

redhat

www.cve.org

6.9 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.8%

JSON

An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information.

CNA Affected

[
  {
    "product": "java-1.7.0-openjdk",
    "vendor": "java-1.7.0-openjdk",
    "versions": [
      {
        "status": "affected",
        "version": "1.7.0_04 to 1.7.0_10"
      }
    ]
  }
]