Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IcedTea-Web Off-by-one漏洞
Vulnerability Description
IcedTea-Web是美国红帽(Red Hat)公司和GNU Classpath团队共同开发的一款可运行Java Applet(使用Java语言编写的小应用程序)的免费Web浏览器插件。 IcedTea-Web 1.1.7之前的1.1.x版本、1.2.2之前的1.2.x版本、1.3.1之前的1.3.x版本中的IcedTeaScriptablePluginObject.cc中的‘invoke’函数中存在离一误差漏洞。远程攻击者利用该漏洞通过特制的网页触发基于堆的缓冲区溢出,从而获得敏感信息、导致拒绝服务(
CVSS Information
N/A
Vulnerability Type
N/A