{ "schema_version": "1.4.0", "id": "GHSA-c4pm-63cg-9j7h", "modified": "2025-01-17T17:06:53Z", "published": "2022-12-08T15:52:54Z", "aliases": [ "CVE-2022-23496" ], "summary": "Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List", "details": "### Impact\nApplications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. Applications that do not use this feature are not affected.\n\n### Patches\nUpgrade to 7.9.0\n\n### Workarounds\nCatch and discard any exceptions from Yauaa.\n", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "affected": [ { "package": { "ecosystem": "Maven", "name": "nl.basjes.parse.useragent:yauaa" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "7.0.0" }, { "fixed": "7.9.0" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "nl.basjes.parse.useragent:yauaa-beam" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "7.0.0" }, { "fixed": "7.9.0" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "nl.basjes.parse.useragent:yauaa-beam-sql" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "7.0.0" }, { "fixed": "7.9.0" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "nl.basjes.parse.useragent:yauaa-drill" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "7.0.0" }, { "fixed": "7.9.0" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "nl.basjes.parse.useragent:yauaa-elasticsearch" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "7.0.0" }, { "fixed": "7.9.0" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "nl.basjes.parse.useragent:yauaa-elasticsearch-8" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "7.0.0" }, { "fixed": "7.9.0" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "nl.basjes.parse.useragent:yauaa-flink" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "7.0.0" }, { "fixed": "7.9.0" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "nl.basjes.parse.useragent:yauaa-flink-table" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "7.0.0" }, { "fixed": "7.9.0" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "nl.basjes.parse.useragent:yauaa-hive" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "7.0.0" }, { "fixed": "7.9.0" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "nl.basjes.parse.useragent:yauaa-logparser" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "7.0.0" }, { "fixed": "7.9.0" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "nl.basjes.parse.useragent:yauaa-snowflake" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "7.0.0" }, { "fixed": "7.9.0" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "nl.basjes.parse.useragent:yauaa-trino" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "7.0.0" }, { "fixed": "7.9.0" } ] } ] } ], "references": [ { "type": "WEB", "url": "https://github.com/nielsbasjes/yauaa/security/advisories/GHSA-c4pm-63cg-9j7h" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23496" }, { "type": "WEB", "url": "https://github.com/nielsbasjes/yauaa/commit/3017a866e2cff0d308f264b66fde4fa79e3beb9e" }, { "type": "PACKAGE", "url": "https://github.com/nielsbasjes/yauaa" } ], "database_specific": { "cwe_ids": [ "CWE-755" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-12-08T15:52:54Z", "nvd_published_at": "2022-12-08T22:15:00Z" } }