Medium severity6.5NVD Advisory· Published Jan 24, 2022· Updated Jun 17, 2026
CVE-2022-23437
CVE-2022-23437
Description
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
xerces:xercesImplMaven | < 2.12.2 | 2.12.2 |
Affected products
43- ghsa-coords42 versionspkg:maven/xerces/xercesImplpkg:rpm/opensuse/ruby3.2-rubygem-nokogiri&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rubygem-nokogiri&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/xerces-j2&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/xerces-j2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/xerces-j2&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/xerces-j2&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/xerces-j2&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/xerces-j2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/xerces-j2&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/xerces-j2&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/xerces-j2&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/xerces-j2&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/xerces-j2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/xerces-j2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/xerces-j2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 2.12.2+ 41 more
- (no CPE)range: < 2.12.2
- (no CPE)range: < 1.13.9-1.7
- (no CPE)range: < 1.13.4-1.1
- (no CPE)range: < 2.11.0-4.3.1
- (no CPE)range: < 2.12.2-1.1
- (no CPE)range: < 2.8.1-268.9.1
- (no CPE)range: < 2.11.0-4.3.1
- (no CPE)range: < 2.12.0-3.3.1
- (no CPE)range: < 2.11.0-4.3.1
- (no CPE)range: < 2.11.0-4.3.1
- (no CPE)range: < 2.12.0-3.3.1
- (no CPE)range: < 2.12.0-3.3.1
- (no CPE)range: < 2.11.0-4.3.1
- (no CPE)range: < 2.11.0-4.3.1
- (no CPE)range: < 2.12.0-3.3.1
- (no CPE)range: < 2.8.1-238.29.8.1
- (no CPE)range: < 2.12.0-3.3.1
- (no CPE)range: < 2.8.1-238.29.8.1
- (no CPE)range: < 2.8.1-268.9.1
- (no CPE)range: < 2.8.1-268.9.1
- (no CPE)range: < 2.8.1-268.9.1
- (no CPE)range: < 2.8.1-268.9.1
- (no CPE)range: < 2.8.1-268.9.1
- (no CPE)range: < 2.11.0-4.3.1
- (no CPE)range: < 2.11.0-4.3.1
- (no CPE)range: < 2.12.0-3.3.1
- (no CPE)range: < 2.12.0-3.3.1
- (no CPE)range: < 2.11.0-4.3.1
- (no CPE)range: < 2.8.1-268.9.1
- (no CPE)range: < 2.8.1-268.9.1
- (no CPE)range: < 2.8.1-268.9.1
- (no CPE)range: < 2.11.0-4.3.1
- (no CPE)range: < 2.11.0-4.3.1
- (no CPE)range: < 2.12.0-3.3.1
- (no CPE)range: < 2.8.1-268.9.1
- (no CPE)range: < 2.12.0-3.3.1
- (no CPE)range: < 2.12.0-3.3.1
- (no CPE)range: < 2.12.0-3.3.1
- (no CPE)range: < 2.8.1-268.9.1
- (no CPE)range: < 2.8.1-268.9.1
- (no CPE)range: < 2.8.1-268.9.1
- (no CPE)range: < 2.8.1-268.9.1
- Apache Software Foundation/Apache Xercesv5Range: Apache XercesJ
Patches
Vulnerability mechanics
References
8- www.oracle.com/security-alerts/cpuapr2022.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpujul2022.htmlnvdPatchThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2022/01/24/3nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-h65f-jvqw-m9fjghsaADVISORY
- lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dlnvdMailing ListVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-23437ghsaADVISORY
- security.netapp.com/advisory/ntap-20221028-0005/nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20221028-0005ghsaWEB
News mentions
0No linked articles in our index yet.