Lucene search
GitHub Advisory DatabaseGHSA-C4PM-63CG-9J7HHistoryDec 08, 2022 - 3:52 p.m.
Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
2022-12-0815:52:54
CWE-755
GitHub Advisory Database
github.com
24
yauaa
arrayindexoutofboundsexception
sec-ch-ua-full-version-list
client hints
upgrade
vulnerability
crafted header
applications
crash
exceptions
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
39.3%
Impact
Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. Applications that do not use this feature are not affected.
Patches
Upgrade to 7.9.0
Workarounds
Catch and discard any exceptions from Yauaa.
Affected configurations
Node
nl.basjes.parse.useragentyauaa-trinoRange7.0.0–7.9.0
ORnl.basjes.parse.useragentyauaa-snowflakeRange7.0.0–7.9.0
ORnl.basjes.parse.useragentyauaa-nifi-processorsRange7.0.0–7.9.0
ORnl.basjes.parse.useragentyauaa-logparserRange7.0.0–7.9.0
ORnl.basjes.parse.useragentyauaa-hiveRange7.0.0–7.9.0
ORnl.basjes.parse.useragentyauaa-flink-tableRange7.0.0–7.9.0
ORnl.basjes.parse.useragentyauaa-flinkRange7.0.0–7.9.0
ORnl.basjes.parse.useragentyauaa-elasticsearch-8Range7.0.0–7.9.0
ORnl.basjes.parse.useragentyauaa-elasticsearchRange7.0.0–7.9.0
ORnl.basjes.parse.useragentyauaa-drillRange7.0.0–7.9.0
ORnl.basjes.parse.useragentyauaa-beam-sqlRange7.0.0–7.9.0
ORnl.basjes.parse.useragentyauaa-beamRange7.0.0–7.9.0
ORnl.basjes.parse.useragentyauaaRange7.0.0–7.9.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nl.basjes.parse.useragent | yauaa-trino | * | cpe:2.3:a:nl.basjes.parse.useragent:yauaa-trino:*:*:*:*:*:*:*:* |
| nl.basjes.parse.useragent | yauaa-snowflake | * | cpe:2.3:a:nl.basjes.parse.useragent:yauaa-snowflake:*:*:*:*:*:*:*:* |
| nl.basjes.parse.useragent | yauaa-nifi-processors | * | cpe:2.3:a:nl.basjes.parse.useragent:yauaa-nifi-processors:*:*:*:*:*:*:*:* |
| nl.basjes.parse.useragent | yauaa-logparser | * | cpe:2.3:a:nl.basjes.parse.useragent:yauaa-logparser:*:*:*:*:*:*:*:* |
| nl.basjes.parse.useragent | yauaa-hive | * | cpe:2.3:a:nl.basjes.parse.useragent:yauaa-hive:*:*:*:*:*:*:*:* |
| nl.basjes.parse.useragent | yauaa-flink-table | * | cpe:2.3:a:nl.basjes.parse.useragent:yauaa-flink-table:*:*:*:*:*:*:*:* |
| nl.basjes.parse.useragent | yauaa-flink | * | cpe:2.3:a:nl.basjes.parse.useragent:yauaa-flink:*:*:*:*:*:*:*:* |
| nl.basjes.parse.useragent | yauaa-elasticsearch-8 | * | cpe:2.3:a:nl.basjes.parse.useragent:yauaa-elasticsearch-8:*:*:*:*:*:*:*:* |
| nl.basjes.parse.useragent | yauaa-elasticsearch | * | cpe:2.3:a:nl.basjes.parse.useragent:yauaa-elasticsearch:*:*:*:*:*:*:*:* |
| nl.basjes.parse.useragent | yauaa-drill | * | cpe:2.3:a:nl.basjes.parse.useragent:yauaa-drill:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
osv
osv
CVE-2022-23496
2022-12-08 22:15:10
nvd
nvd
CVE-2022-23496
2022-12-08 22:15:10
veracode
veracode
Denial Of Service (DoS)
2022-12-09 03:36:46
prion
prion
Design/Logic Flaw
2022-12-08 22:15:00
cve
cve
CVE-2022-23496
2022-12-08 22:15:10
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
39.3%
Related for GHSA-C4PM-63CG-9J7H