CVE-2022-23437

Source
https://cve.org/CVERecord?id=CVE-2022-23437
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23437.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-23437
Aliases
Downstream
Related
Published
2022-01-24T00:00:00Z
Modified
2026-05-18T05:55:43.161006376Z
Summary
Infinite loop within Apache XercesJ XML parser
Details

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "Apache XercesJ"
                },
                {
                    "last_affected": "2.12.1"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23437.json",
    "cna_assigner": "apache"
}
References

Affected packages

Git / github.com/apache/xerces2-j

Affected ranges

Type
GIT
Repo
https://github.com/apache/xerces2-j
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "cpe": [
        "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*"
    ],
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7"
        },
        {
            "last_affected": "2.7.0"
        }
    ]
}

Affected versions

Other
Xerces-J_2_7_0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23437.json"