CVE-2022-30973

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache Tika versions 1.x through 1.28.2

Description A denial of service issue exists due to a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler, which can lead to backtracking on a specially crafted file. This issue only affects users running the StandardsExtractingContentHandler, a non-standard handler.

Recommendations For Apache Tika versions 1.x through 1.28.2, update to version 1.28.3 to resolve the issue. As a temporary workaround, consider disabling the StandardsExtractingContentHandler until a patch is available.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1333

Related Identifiers

CVE-2022-30973

GHSA-QW3F-W4PF-JH5F

SUSE-SU-2022:3310-1

SUSE-SU-2022:3311-1

USN-7529-1

Affected Products

Apache Tika

Linuxmint

Suse

Ubuntu

CVE-2022-30973

Weakness Enumeration

Related Identifiers

Affected Products

References · 37