OESA-2022-1625

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1625
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1625.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1625
Upstream
Published
2022-04-29T11:03:43Z
Modified
2025-08-12T05:12:35.424935Z
Summary
xerces-j2 security update
Details

Welcome to the future! Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.

The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.

Xerces 2 is a fully conforming XML Schema processor. For more information, refer to the XML Schema page.

Xerces 2 also provides a partial implementation of Document Object Model Level 3 Core, Load and Save and Abstract Schemas [deprecated] Working Drafts. For more information, refer to the DOM Level 3 Implementation page.

Security Fix(es):

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions. (CVE-2022-23437)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / xerces-j2

Package

Name
xerces-j2
Purl
pkg:rpm/openEuler/xerces-j2&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.12.2-1.oe1

Ecosystem specific

{
    "src": [
        "xerces-j2-2.12.2-1.oe1.src.rpm"
    ],
    "noarch": [
        "xerces-j2-2.12.2-1.oe1.noarch.rpm",
        "xerces-j2-help-2.12.2-1.oe1.noarch.rpm "
    ]
}

openEuler:20.03-LTS-SP2 / xerces-j2

Package

Name
xerces-j2
Purl
pkg:rpm/openEuler/xerces-j2&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.12.2-1.oe1

Ecosystem specific

{
    "src": [
        "xerces-j2-2.12.2-1.oe1.src.rpm"
    ],
    "noarch": [
        "xerces-j2-2.12.2-1.oe1.noarch.rpm",
        "xerces-j2-help-2.12.2-1.oe1.noarch.rpm "
    ]
}

openEuler:20.03-LTS-SP3 / xerces-j2

Package

Name
xerces-j2
Purl
pkg:rpm/openEuler/xerces-j2&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.12.2-1.oe1

Ecosystem specific

{
    "src": [
        "xerces-j2-2.12.2-1.oe1.src.rpm"
    ],
    "noarch": [
        "xerces-j2-2.12.2-1.oe1.noarch.rpm",
        "xerces-j2-help-2.12.2-1.oe1.noarch.rpm "
    ]
}

openEuler:22.03-LTS / xerces-j2

Package

Name
xerces-j2
Purl
pkg:rpm/openEuler/xerces-j2&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.12.2-1.oe2203

Ecosystem specific

{
    "src": [
        "xerces-j2-2.12.2-1.oe2203.src.rpm"
    ],
    "noarch": [
        "xerces-j2-2.12.2-1.oe2203.noarch.rpm",
        "xerces-j2-help-2.12.2-1.oe2203.noarch.rpm "
    ]
}