Posted to j-dev@xerces.apache.org by "Mukul Gandhi (Jira)" <xe...@xml.apache.org> on 2022/01/28 11:42:00 UTC

[jira] [Resolved] (XERCESJ-1737) [8.6] [CVE-2022-23437] [xercesImpl] [2.12.0]

     [ https://issues.apache.org/jira/browse/XERCESJ-1737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mukul Gandhi resolved XERCESJ-1737.
-----------------------------------
    Fix Version/s: 2.12.2
       Resolution: Fixed

This issue was fixed within XercesJ 2.12.2.

> [8.6] [CVE-2022-23437] [xercesImpl] [2.12.0]
> --------------------------------------------
>
>                 Key: XERCESJ-1737
>                 URL: https://issues.apache.org/jira/browse/XERCESJ-1737
>             Project: Xerces2-J
>          Issue Type: Bug
>    Affects Versions: 2.12.0, 2.12.1
>            Reporter: Rajesh
>            Priority: Major
>             Fix For: 2.12.2
>
>
> *Description :*
> *Severity :* Sonatype CVSS 3: 8.6; CVE CVSS 2.0: 0.0
> *Weakness :* Sonatype CWE: 611
> *Source :* National Vulnerability Database
> *Categories :* Data
> *Description from CVE :* There XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
> *Explanation :* This issue has undergone the Sonatype Fast-Track process. For more information, please see the Sonatype Knowledge Base Guide.
> *Root Cause :* xercesImpl-2.12.0.jar : [ ,2.12.2]
> *Advisories :* Project: [http://www.openwall.com/lists/oss-security/2022/01/24/3]
> *CVSS Details :* Sonatype CVSS 3: 8.6; CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/
> *CVE :* CVE-2022-23437
> *URL :* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23437]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)