CVE-2012-2429

critical

Published 2012-05-25 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: ics-cert@hq.dhs.gov — http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf

Application impact

Vendor	Product	Versions	Fixed
xarrow	xarrow	`{"endIncluding":"3.4"}`

References

http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf

CWEs

CWE-189

Verify integrity in audit chain (admin only). AS-IS.