OESA-2022-1625

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1625

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2022-1625.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2022-1625

Upstream

CVE-2022-23437

Published

2022-04-29T11:03:43Z

Modified

2025-08-12T05:12:35.424935Z

Summary

xerces-j2 security update

Details

Welcome to the future! Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.

The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.

Xerces 2 is a fully conforming XML Schema processor. For more information, refer to the XML Schema page.

Xerces 2 also provides a partial implementation of Document Object Model Level 3 Core, Load and Save and Abstract Schemas [deprecated] Working Drafts. For more information, refer to the DOM Level 3 Implementation page.

Security Fix(es):

There s a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.(CVE-2022-23437)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / xerces-j2

Package

Name: xerces-j2
Purl: pkg:rpm/openEuler/xerces-j2&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12.2-1.oe1

Ecosystem specific

{
    "src": [
        "xerces-j2-2.12.2-1.oe1.src.rpm"
    ],
    "noarch": [
        "xerces-j2-2.12.2-1.oe1.noarch.rpm",
        "xerces-j2-help-2.12.2-1.oe1.noarch.rpm "
    ]
}

openEuler:20.03-LTS-SP2 / xerces-j2

Package

Name: xerces-j2
Purl: pkg:rpm/openEuler/xerces-j2&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12.2-1.oe1

Ecosystem specific

{
    "src": [
        "xerces-j2-2.12.2-1.oe1.src.rpm"
    ],
    "noarch": [
        "xerces-j2-2.12.2-1.oe1.noarch.rpm",
        "xerces-j2-help-2.12.2-1.oe1.noarch.rpm "
    ]
}

openEuler:20.03-LTS-SP3 / xerces-j2

Package

Name: xerces-j2
Purl: pkg:rpm/openEuler/xerces-j2&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12.2-1.oe1

Ecosystem specific

{
    "src": [
        "xerces-j2-2.12.2-1.oe1.src.rpm"
    ],
    "noarch": [
        "xerces-j2-2.12.2-1.oe1.noarch.rpm",
        "xerces-j2-help-2.12.2-1.oe1.noarch.rpm "
    ]
}

openEuler:22.03-LTS / xerces-j2

Package

Name: xerces-j2
Purl: pkg:rpm/openEuler/xerces-j2&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12.2-1.oe2203

Ecosystem specific

{
    "src": [
        "xerces-j2-2.12.2-1.oe2203.src.rpm"
    ],
    "noarch": [
        "xerces-j2-2.12.2-1.oe2203.noarch.rpm",
        "xerces-j2-help-2.12.2-1.oe2203.noarch.rpm "
    ]
}