CVE-2022-33879
Description
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.
Risk Information
Base Score
3.3
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
0.031
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-33879 are fixed in Apache-tika 1.28.4 | Windows |
| Vulnerabilities CVE-2022-33879 are fixed in Apache-tika 2.4.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.1 | Windows |
| Vulnerabilities CVE-2022-33879 are fixed in Apache-tika for Linux 1.28.4 | Linux |
| Vulnerabilities CVE-2022-33879 are fixed in Apache-tika for Linux 2.4.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234