CVE-2022-23437
Infinite loop within Apache XercesJ XML parser
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
There is a vulnerability in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration. This vulnerability is present in XercesJ version 2.12.1 and previous versions.
A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-19 CVE Reserved
- 2022-01-24 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-09 EPSS Updated
- (no date) Exploited in Wild
- (no date) KEV Due Date
- (no date) First Exploit
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (7)
URL | Tag | Date |
---|---|---|
http://www.openwall.com/lists/oss-security/2022/01/24/3 | Mailing List | |
https://security.netapp.com/advisory/ntap-20221028-0005 | Third Party Advisory | |
https://www.oracle.com/security-alerts/cpuapr2022.html | | 2023-08-08 |
https://www.oracle.com/security-alerts/cpujul2022.html | | 2023-08-08 |
https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl | | 2023-08-08 |
https://access.redhat.com/security/cve/CVE-2022-23437 | | 2022-10-05 |
https://bugzilla.redhat.com/show_bug.cgi?id=2047200 | | 2022-10-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Xerces-j | <= 2.12.1 | - | Affected |
Oracle | Agile Engineering Data Management | 6.2.1.0 | - | Affected |
Oracle | Agile Plm | 9.3.6 | - | Affected |
Oracle | Banking Deposits And Lines Of Credit Servicing | 2.7 | - | Affected |
Oracle | Banking Party Management | 2.7.0 | - | Affected |
Oracle | Communications Asap | 7.3 | - | Affected |
Oracle | Communications Element Manager | < 9.0 | - | Affected |
Oracle | Communications Session Report Manager | < 9.0 | - | Affected |
Oracle | Communications Session Route Manager | < 9.0 | - | Affected |
Oracle | Financial Services Analytical Applications Infrastructure | >= 8.0.6.0.0 <= 8.0.9.0 | - | Affected |
Oracle | Financial Services Analytical Applications Infrastructure | >= 8.1.0.0 < 8.1.2.0 | - | Affected |
Oracle | Financial Services Behavior Detection Platform | >= 8.0.6.0.0 <= 8.0.8.0 | - | Affected |
Oracle | Financial Services Behavior Detection Platform | 8.1.1.0 | - | Affected |
Oracle | Financial Services Behavior Detection Platform | 8.1.1.1 | - | Affected |
Oracle | Financial Services Behavior Detection Platform | 8.1.2.0 | - | Affected |
Oracle | Financial Services Crime And Compliance Management Studio | 8.0.8.2.0 | - | Affected |
Oracle | Financial Services Crime And Compliance Management Studio | 8.0.8.3.0 | - | Affected |
Oracle | Financial Services Enterprise Case Management | 8.0.7.1 | - | Affected |
Oracle | Financial Services Enterprise Case Management | 8.0.7.2.0 | - | Affected |
Oracle | Financial Services Enterprise Case Management | 8.0.8.0 | - | Affected |
Oracle | Financial Services Enterprise Case Management | 8.0.8.1 | - | Affected |
Oracle | Financial Services Enterprise Case Management | 8.1.1.0 | - | Affected |
Oracle | Financial Services Enterprise Case Management | 8.1.1.1 | - | Affected |
Oracle | Flexcube Universal Banking | 12.4.0 | - | Affected |
Oracle | Global Lifecycle Management Nextgen Oui Framework | < 13.9.4.2.2 | - | Affected |
Oracle | Global Lifecycle Management Nextgen Oui Framework | 13.9.4.2.2 | - | Affected |
Oracle | Global Lifecycle Management Opatch | < 12.2.0.1.30 | - | Affected |
Oracle | Health Sciences Information Manager | >= 3.0.1 <= 3.0.5 | - | Affected |
Oracle | Health Sciences Information Manager | 3.0.0.1 | - | Affected |
Oracle | Ilearning | 6.2 | - | Affected |
Oracle | Ilearning | 6.3 | - | Affected |
Oracle | Peoplesoft Enterprise Peopletools | 8.58 | - | Affected |
Oracle | Peoplesoft Enterprise Peopletools | 8.59 | - | Affected |
Oracle | Primavera Gateway | >= 17.7 <= 17.12.11 | - | Affected |
Oracle | Primavera Gateway | >= 18.8.0 <= 18.8.14 | - | Affected |
Oracle | Primavera Gateway | >= 19.12.0 <= 19.12.13 | - | Affected |
Oracle | Primavera Gateway | >= 20.12.0 <= 20.12.8 | - | Affected |
Oracle | Product Lifecycle Analytics | 3.6.1 | - | Affected |
Oracle | Retail Bulk Data Integration | 16.0.3.0 | - | Affected |
Oracle | Retail Extract Transform And Load | 13.2.8 | - | Affected |
Oracle | Retail Financial Integration | 14.1.3.2 | - | Affected |
Oracle | Retail Financial Integration | 15.0.3.1 | - | Affected |
Oracle | Retail Financial Integration | 16.0.3 | - | Affected |
Oracle | Retail Financial Integration | 19.0.1 | - | Affected |
Oracle | Retail Integration Bus | 14.1.3.2 | - | Affected |
Oracle | Retail Integration Bus | 15.0.3.1 | - | Affected |
Oracle | Retail Integration Bus | 16.0.3 | - | Affected |
Oracle | Retail Integration Bus | 19.0.1 | - | Affected |
Oracle | Retail Merchandising System | 16.0.3 | - | Affected |
Oracle | Retail Merchandising System | 19.0.1 | - | Affected |
Oracle | Retail Service Backbone | 14.1.3.2 | - | Affected |
Oracle | Retail Service Backbone | 15.0.3.1 | - | Affected |
Oracle | Retail Service Backbone | 16.0.3 | - | Affected |
Oracle | Retail Service Backbone | 19.0.1 | - | Affected |
Oracle | Weblogic Server | 12.2.1.3.0 | - | Affected |
Oracle | Weblogic Server | 12.2.1.4.0 | - | Affected |
Oracle | Weblogic Server | 14.1.1.0.0 | - | Affected |
Netapp | Active Iq Unified Manager | - | windows | Affected |