exploitDog

CVE-2022-23437

Published: 24 Jan 2022
Source: debian
EPSS: Low

Description

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

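Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libxerces2-java | fixed | 2.12.2-1 | | package |
| libxerces2-java | postponed | | bullseye | package |
| libxerces2-java | postponed | | buster | package |
| libxerces2-java | postponed | | stretch | package |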

Notes

  • https://www.openwall.com/lists/oss-security/2022/01/24/3

  • https://issues.apache.org/jira/browse/XERCESJ-1737

  • Confirmation of fixing commits: https://lists.apache.org/thread/8bdbk40hf1oqhyvmdcvtqwr2hwfhhmkt

  • The svn.apache.org links are gone, but looking at the Wayback Machine it's these commits:

  • https://github.com/apache/xerces-j/commit/0a785cfe0d210b5e5b3b020ecfeb67693764aaf4

  • https://github.com/apache/xerces-j/commit/da8efa66241dd63cb34eacb22bc28c3469af91a6

EPSS

Percentile: 25%
0.00087
Low

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 4 years ago

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

CVSS3: 6.5
redhat
about 4 years ago

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

CVSS3: 6.5
nvd
about 4 years ago

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

suse-cvrf
almost 4 years ago

Security update for xerces-j2

suse-cvrf
almost 4 years ago

Security update for xerces-j2
