PT-2022-15994 · Apache+3 · Apache Xerces Java+3

Sergey Temnikov · Published 2022-01-24 · Updated 2026-03-13 · CVE-2022-23437

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apache Xerces Java (XercesJ) versions 2.12.1 and earlier

Description

The issue arises when the Apache Xerces Java (XercesJ) XML parser handles specially crafted XML document payloads, causing it to enter an infinite loop. This loop may consume system resources for a prolonged duration.

Recommendations

For Apache Xerces Java (XercesJ) versions 2.12.1 and earlier, update to a version later than 2.12.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Infinite Loop


Weakness Enumeration

Related Identifiers

ALT-PU-2022-2027
ALT-PU-2023-4266
ALT-PU-2023-8457
ALT-PU-2024-7812
BDU:2026-01634
CVE-2022-23437
GHSA-H65F-JVQW-M9FJ
GHSA-XXX9-3XCR-GJJ3
OESA-2022-1625
OPENSUSE-SU-2022:0500-1
OPENSUSE-SU-2022:0503-1
OPENSUSE-SU-2022_0500-1
OPENSUSE-SU-2022_0503-1
OPENSUSE-SU-2024:11845-1
OPENSUSE-SU-2024:11999-1
OPENSUSE-SU-2024:13165-1
OPENSUSE-SU-2024:14174-1
OPENSUSE-SU-2025:14697-1
OPENSUSE-SU-2026:10356-1
RHSA-2022:4918
RHSA-2022:4919
ROSA-SA-2025-2621
SUSE-SU-2022:0500-1
SUSE-SU-2022:0503-1
SUSE-SU-2022:0542-1
SUSE-SU-2022:14889-1
SUSE-SU-2022_0500-1
SUSE-SU-2022_0503-1
SUSE-SU-2022_0542-1
SUSE-SU-2022_14889-1

Affected Products

Alt Linux
Apache Xerces Java
Debian
Suse