CVE-2022-23437 Vulnerability Details


CVE-2022-23437 Metadata Quick Info

CVE Published: 24/01/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: apache | Vendor: Apache Software Foundation | Product: Apache Xerces
Status: PUBLISHED

CVE-2022-23437 Description

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Infinite loop within Apache XercesJ xml parser
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).