CVE-2022-23437

CVE-2022-23437

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

Published Jan 25, 2022

Apache · Announcement openwall.com

CVSS ScoreMedium

6.5

Vulnerabilities

CVE-2022-23437

Published Jan 25, 2022

Apache · Announcement openwall.com

CVSS ScoreMedium

6.5

CVE-2022-23437 Security Details

CVE ID: CVE-2022-23437
CWE: CWE-835
CVE Description: There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
Published: Jan 25, 2022
CVSS Score & Severity: 6.5Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score: 0.089%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: org/apache/xerces/impl/XML11EntityScanner.scanChar()I
JVM
org/apache/xerces/impl/XMLEntityScanner.scanChar()I
JVM
Affected Ecosystems: affected
Source: National Vulnerability Database
References: Apache · AnnouncementPROJECT
openwall.comTHIRD_PARTY

CVE-2022-23437 Security Details

CVE ID: CVE-2022-23437
CWE: CWE-835
CVE Description: There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
Published: Jan 25, 2022
CVSS Score & Severity: 6.5Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score: 0.089%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: org/apache/xerces/impl/XML11EntityScanner.scanChar()I
JVM
org/apache/xerces/impl/XMLEntityScanner.scanChar()I
JVM
Affected Ecosystems: affected
Source: National Vulnerability Database
References: Apache · AnnouncementPROJECT
openwall.comTHIRD_PARTY

Find vulnerabilities. Fix fast with AI.

CVE-2022-23437

CVE-2022-23437 Security Details

CVE-2022-23437 Security Details