[
https://issues.apache.org/jira/browse/XERCESJ-1737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mukul Gandhi resolved XERCESJ-1737.
-----------------------------------
Fix Version/s: 2.12.2
Resolution: Fixed
This issue, was fixed within XercesJ 2.12.2.
> [8.6] [CVE-2022-23437] [xercesImpl] [2.12.0]
> --------------------------------------------
>
> Key: XERCESJ-1737
> URL: https://issues.apache.org/jira/browse/XERCESJ-1737
> Project: Xerces2-J
> Issue Type: Bug
> Affects Versions: 2.12.0, 2.12.1
> Reporter: Rajesh
> Priority: Major
> Fix For: 2.12.2
>
>
> *Description :*
> *Severity :* Sonatype CVSS 3: 8.6CVE CVSS 2.0: 0.0
> *Weakness :* Sonatype CWE: 611
> *Source :* National Vulnerability Database
> *Categories :* Data
> *Description from CVE :* There XML parser when handling specially crafted XML
> document payloads. This causes, the XercesJ XML parser to wait in an infinite
> loop, which may sometimes consume system resources for prolonged duration.
> This vulnerability is present within XercesJ version 2.12.1 and the previous
> versions.
> *Explanation :* This issue has undergone the Sonatype Fast-Track process. For
> more information, please see the Sonatype Knowledge Base Guide.
> *Root Cause :* xercesImpl-2.12.0.jar : [ ,2.12.2]
> *Advisories :* Project:
> [http://www.openwall.com/lists/oss-security/2022/01/24/3]
> *CVSS Details :* Sonatype CVSS 3: 8.6CVSS Vector:
> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/
> *CVE :* CVE-2022-23437
> *URL :* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23437]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: j-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-dev-h...@xerces.apache.org
