Low severityNVD Advisory· Published Jun 27, 2022· Updated Aug 3, 2024
Incomplete fix and new regex DoS in StandardsExtractingContentHandler
CVE-2022-33879
Description
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.tika:tikaMaven | < 1.28.4 | 1.28.4 |
org.apache.tika:tikaMaven | >= 2.0.0, < 2.4.1 | 2.4.1 |
Affected products
4- ghsa-coords3 versionspkg:maven/org.apache.tika/tikapkg:rpm/suse/tika-core&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/tika-core&distro=SUSE%20Manager%20Server%20Module%204.2
< 1.28.4+ 2 more
- (no CPE)range: < 1.28.4
- (no CPE)range: < 1.26-150200.3.8.1
- (no CPE)range: < 1.26-150300.4.3.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-6q8v-2hvm-fx37ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-33879ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/06/27/5ghsamailing-listx_refsource_MLISTWEB
- lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfhghsax_refsource_MISCWEB
- security.netapp.com/advisory/ntap-20220812-0004ghsaWEB
- security.netapp.com/advisory/ntap-20220812-0004/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.