CVE-2022-23496

Source
https://cve.org/CVERecord?id=CVE-2022-23496
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23496.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-23496
Aliases
Published
2022-12-08T21:19:30.227Z
Modified
2026-04-17T11:08:02.174311Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
A crafted list can trigger an ArrayIndexOutOfBoundsException in Yauaa
Details

Yet Another UserAgent Analyzer (Yauaa) is a Java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced in 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. If uncaught, the exception will result in a program crash. The impact is limited to availability: the CVSS vector above rates confidentiality and integrity impact as none, and the attack as network-reachable with no privileges or user interaction required. Applications that do not use this feature are not affected. Users are advised to upgrade to version 7.9.0. As a workaround, users unable to upgrade may catch and discard any ArrayIndexOutOfBoundsException thrown by the Yauaa library.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23496.json",
    "cwe_ids": [
        "CWE-755"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/nielsbasjes/yauaa

Affected ranges

Type
GIT
Repo
https://github.com/nielsbasjes/yauaa
Events
Database specific
{
    "cpe": "cpe:2.3:a:yet_another_useragent_analyzer_project:yet_another_useragent_analyzer:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.9.0"
        }
    ]
}

Affected versions

v7.*
v7.0.0
v7.1.0
v7.2.0
v7.3.0
v7.4.0
v7.5.0
v7.6.0
v7.7.0
v7.8.0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23496.json"
vanir_signatures_modified
"2026-04-17T11:08:02Z"
vanir_signatures
[
    {
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "278814355379616507848480649652529162332",
                "236291769923491635167910255190935975945",
                "63281785972824433838282133197874289679",
                "282331065033014437255003602859756255299",
                "122730932674359154449170137960928877694",
                "140904540453858924942030721825465119490",
                "227591034815278345825305219652142373780",
                "28343557858675150165855149990539738439",
                "199016207376487601193391294321001709583",
                "278832472058736846952582330499796671250",
                "47639645331684775386688011866437728289",
                "258221066855527789943812494118182654558",
                "316932151692693497243176600694040370784",
                "195303899885473666173703999191279194502",
                "323291997237269131287705762198107101250",
                "161238270061180425846642906259542053600",
                "253906261114822855909707996010827366775",
                "129888652379596160820919563627939348836",
                "135940889679729390879346939927242991118",
                "34102164602230763970547243835727588545",
                "165674473285512248917214039215646379080",
                "193363565348163607835673357236222958473",
                "279489729571492346344297847705905192844",
                "278448749048150356196600595692332206325",
                "2578162217954213267196910090286031668",
                "87499444017080011354577397353935863134",
                "229453381280282270588392009139608785642",
                "287483995961460013716902340024377223215",
                "215836587107612420464432271265210628816",
                "47611183287826825594443324597208981890",
                "53389587475140332050774889693581757918",
                "212507222274599090528723297631575175117",
                "288139598720041714165918799603536028709",
                "25929148979541044799128601893704527915",
                "203067708697500189128247863791391005988",
                "17584861887178119029786283359515621360",
                "53014450736202160427284908649153677008",
                "121371270107640338534914150355187962713",
                "243539749770269761225475030522264755290",
                "24320198281573879502586465489314795887",
                "28320428832029497267517615433589229732",
                "157312443593697101799904336639854992031",
                "285825538311208050231640813057779554568",
                "292793921019561311040939956393620579398",
                "273464853216319137633976072441910011317",
                "279108810822356585373853300449692692191",
                "211372589631645140503578590446954359964",
                "135940889679729390879346939927242991118",
                "34102164602230763970547243835727588545",
                "165674473285512248917214039215646379080",
                "193363565348163607835673357236222958473",
                "249941104231328024858478917010358371471",
                "5154750423149069154628631082749653135",
                "234045665407598187690463041223581642474",
                "144943878480273247848368824427536688266",
                "53014450736202160427284908649153677008",
                "121371270107640338534914150355187962713",
                "46220893544200014145447585517180391472",
                "202814987661482448783000200262947191346",
                "296769896215987865776719604758961183567",
                "213897744745177124879020781230600290205",
                "189561316317503658638082152499374868483",
                "300402773121578300192095549602186380401",
                "288817804307122321346926901321222845593",
                "135940889679729390879346939927242991118",
                "34102164602230763970547243835727588545",
                "165674473285512248917214039215646379080",
                "193363565348163607835673357236222958473",
                "249941104231328024858478917010358371471",
                "5154750423149069154628631082749653135",
                "234045665407598187690463041223581642474",
                "144943878480273247848368824427536688266",
                "53014450736202160427284908649153677008",
                "121371270107640338534914150355187962713",
                "46220893544200014145447585517180391472",
                "234297561127343332030842335275381036324",
                "273043144834228009972990516119394203200",
                "238115698922249776632648791020997301210",
                "80379200911060531145979372116736683946",
                "320028245196709574395758714120723154678",
                "246021659498356713876950844611536939581",
                "272517397134738231664467810233608798501",
                "201547758921151893874385265698823183880",
                "42428983937261761857556919436181587854",
                "86375616029475723325630231175293736475",
                "291750777319430353742125213904960902762",
                "269687877386947217512690925758648572830",
                "293089246136607740530092125634713634571",
                "254842982404965390499013921595454779901",
                "142431886317705473816591679107389263189",
                "254412025491682676411008369240911949603",
                "157812576023936398790384668058182357852",
                "152320546431763823019599887954519553829",
                "177192506188113557793771201289283257275",
                "182987480102822697424260481882944687612",
                "279349442113557560684623748998294255611",
                "67667012753460130485411841375699838863",
                "92271928508570684356759529355346283869",
                "118128704707452894631883475795027850760",
                "194028959885354484712147063917386104075",
                "99306799931473077087758132030592342333",
                "119005825486589151620228838390581756434",
                "59532144859560858485689782591430801151",
                "6944477576790613464286254460558978850",
                "313104967457119324669446613800910579885",
                "206975585657275089369261937180118797738",
                "262562743502745840231066730617412744130",
                "200558990646563133991245584551419667856",
                "106845422745000669631496644024422932028",
                "107833271542986745657418362959682101922",
                "258166828300566474014247009747674723389",
                "162974043504018701574982706689562660025",
                "294481198581838963142898279062890873085",
                "321141743435671103062911828106632978441",
                "282855225067694041150035390377304239059",
                "34102164602230763970547243835727588545",
                "165674473285512248917214039215646379080",
                "193363565348163607835673357236222958473",
                "54601822948912386728588650634409075960",
                "282093838090785631868280438436434067177",
                "192942522833094999679400534556669510347",
                "314848043951477640292953120062690916491",
                "238323254015131829008230334555122570125",
                "147704735997178308316320076166083861252",
                "168020191194941703462414633712853471061",
                "5946544802101308812322040745866901771",
                "14572415169746117128324561325355194469",
                "238115698922249776632648791020997301210",
                "335996770119068176235285242094895268313",
                "108587633537507210242609878158511307392",
                "309699394142987617210192784266684891746",
                "297388717765574966416871917601365534728"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "analyzer/src/main/java/nl/basjes/parse/useragent/clienthints/ClientHintsAnalyzer.java"
        },
        "source": "https://github.com/nielsbasjes/yauaa/commit/3017a866e2cff0d308f264b66fde4fa79e3beb9e",
        "signature_version": "v1",
        "id": "CVE-2022-23496-9184d85a"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "222109452266724129614141356952768721370",
            "length": 4114.0
        },
        "target": {
            "file": "analyzer/src/main/java/nl/basjes/parse/useragent/clienthints/ClientHintsAnalyzer.java",
            "function": "improveLayoutEngineAndAgentInfo"
        },
        "source": "https://github.com/nielsbasjes/yauaa/commit/3017a866e2cff0d308f264b66fde4fa79e3beb9e",
        "signature_version": "v1",
        "id": "CVE-2022-23496-94d730e6"
    }
]