CVE-2022-23437

Source
https://cve.org/CVERecord?id=CVE-2022-23437
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23437.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-23437
Published
2022-01-24T15:15:09.317Z
Modified
2026-04-02T07:47:54.072380Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details

The Apache Xerces Java (XercesJ) XML parser has a vulnerability in its handling of specially crafted XML document payloads. Such a payload causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. The vulnerability is present in XercesJ version 2.12.1 and earlier versions.


Affected packages

Git / github.com/apache/xerces2-j

Affected ranges

Type
GIT
Repo
https://github.com/apache/xerces2-j
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.0"
        }
    ]
}

Affected versions

Other
Xerces-J-1_1_0_05_22_2000
Xerces-J_01052005
Xerces-J_1_0_1
Xerces-J_1_0_2
Xerces-J_1_0_3
Xerces-J_1_0_3_Schema
Xerces-J_1_0_4
Xerces-J_1_1_0
Xerces-J_1_1_1
Xerces-J_1_1_2
Xerces-J_1_1_3
Xerces-J_1_2_0
Xerces-J_1_2_1
Xerces-J_1_2_2
Xerces-J_1_2_3
Xerces-J_1_3_0
Xerces-J_1_3_1
Xerces-J_1_4_0
Xerces-J_1_4_1
Xerces-J_1_4_2
Xerces-J_1_4_3
Xerces-J_1_4_4
Xerces-J_2_0_0
Xerces-J_2_0_0_alpha
Xerces-J_2_0_0_beta
Xerces-J_2_0_0_beta2
Xerces-J_2_0_0_beta3
Xerces-J_2_0_0beta4
Xerces-J_2_0_1
Xerces-J_2_0_2
Xerces-J_2_10_0
Xerces-J_2_11_0
Xerces-J_2_12_0
Xerces-J_2_1_0
Xerces-J_2_2_0
Xerces-J_2_2_1
Xerces-J_2_3_0
Xerces-J_2_4_0
Xerces-J_2_5_0
Xerces-J_2_6_0
Xerces-J_2_6_1
Xerces-J_2_6_2
Xerces-J_2_7_0
Xerces-J_2_7_1
Xerces-J_2_8_0
Xerces-J_2_8_1
Xerces-J_2_9_0
Xerces-J_2_9_1
Xerces-J_2_XNIMOD
Xerces-J_2_pkgReorg_xs
beforeschemamerge
beforexercesj2
end_of_xerces_j_2_branch
fixes-after-2_6_0
help
initial
jaxp-1-2_3-02
jaxp-1-3-01
jaxp-1_2_3-02
jaxp-1_2_3-03
jaxp-1_2_3-04
jaxp-1_2_3-05
jaxp-1_2_3-06
jaxp-1_2_3-07
jaxp-1_2_3-08
jaxp-1_2_3-09
jaxp-1_3_0-01
jaxp-1_3_0-02
jaxp-1_3_0-03
jaxp-1_3_0-04
jaxp-ri-1_2_0-alpha
jaxp-ri-1_2_0-beta
jaxp-ri-1_2_0-beta-branch
jaxp-ri-1_2_0-fcs-02
jaxp-ri-1_2_0-fcs-03
jaxp-ri-1_2_0-fcs-04
jaxp-ri-1_2_0-fcs-branch-01
jaxp13-2_6-branch-t1
jaxp13-2_6-branch-t2
jaxp_1_2_2_01
jaxp_1_2_2_02
jaxp_1_2_2_branch_02
jaxp_1_2_3_01
jaxp_1_3_0_04052004
jdk-integration
merge_to_x2_021301
merge_to_x2_121100
private_1472
schemapointtag
start_xerces_j_2_trunc
valport_x1
x1_sync_021301
x1_sync_121100
x2m1
xerces_2_6_1_plus_bugfixes
Xerces-J_2_10_0-xml-schema-1.*
Xerces-J_2_10_0-xml-schema-1.1-beta
Xerces-J_2_11_0-xml-schema-1.*
Xerces-J_2_11_0-xml-schema-1.1-beta
Xerces-J_2_12_0-xml-schema-1.*
Xerces-J_2_12_0-xml-schema-1.1

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.12.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.2.1.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.3.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.0.6.0.0"
            },
            {
                "last_affected": "8.0.9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.1.0.0"
            },
            {
                "fixed": "8.1.2.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.0.6.0.0"
            },
            {
                "last_affected": "8.0.8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.1.1.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.1.1.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.1.2.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.8.2.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.8.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.7.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.7.2.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.8.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.1.1.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.1.1.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "13.9.4.2.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.9.4.2.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "12.2.0.1.30"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "3.0.1"
            },
            {
                "last_affected": "3.0.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.0.0.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.58"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.59"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "17.7"
            },
            {
                "last_affected": "17.12.11"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "18.8.0"
            },
            {
                "last_affected": "18.8.14"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "19.12.0"
            },
            {
                "last_affected": "19.12.13"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "20.12.0"
            },
            {
                "last_affected": "20.12.8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.6.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.2.8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.1.3.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0.3.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.0.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.1.3.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0.3.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.0.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.0.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.1.3.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0.3.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.0.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.1.1.0.0"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23437.json"