Vulnerability Details CVE-2022-30126
In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.5%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- http://www.openwall.com/lists/oss-security/2022/05/16/3
- http://www.openwall.com/lists/oss-security/2022/05/31/2
- http://www.openwall.com/lists/oss-security/2022/06/27/5
- https://lists.apache.org/thread/dh3syg68nxogbmlg13srd6gjn3h2z6r4
- https://security.netapp.com/advisory/ntap-20220624-0004/
- https://www.oracle.com/security-alerts/cpujul2022.html
- http://www.openwall.com/lists/oss-security/2022/05/16/3
- http://www.openwall.com/lists/oss-security/2022/05/31/2
- http://www.openwall.com/lists/oss-security/2022/06/27/5
- https://lists.apache.org/thread/dh3syg68nxogbmlg13srd6gjn3h2z6r4
- https://security.netapp.com/advisory/ntap-20220624-0004/
- https://www.oracle.com/security-alerts/cpujul2022.html
Products affected by CVE-2022-30126
-
cpe:2.3:a:apache:tika:0.1
-
cpe:2.3:a:apache:tika:0.10
-
cpe:2.3:a:apache:tika:0.2
-
cpe:2.3:a:apache:tika:0.3
-
cpe:2.3:a:apache:tika:0.4
-
cpe:2.3:a:apache:tika:0.5
-
cpe:2.3:a:apache:tika:0.6
-
cpe:2.3:a:apache:tika:0.7
-
cpe:2.3:a:apache:tika:0.8
-
cpe:2.3:a:apache:tika:0.9
-
cpe:2.3:a:apache:tika:1.0
-
cpe:2.3:a:apache:tika:1.1
-
cpe:2.3:a:apache:tika:1.10
-
cpe:2.3:a:apache:tika:1.11
-
cpe:2.3:a:apache:tika:1.12
-
cpe:2.3:a:apache:tika:1.13
-
cpe:2.3:a:apache:tika:1.14
-
cpe:2.3:a:apache:tika:1.15
-
cpe:2.3:a:apache:tika:1.16
-
cpe:2.3:a:apache:tika:1.17
-
cpe:2.3:a:apache:tika:1.18
-
cpe:2.3:a:apache:tika:1.19
-
cpe:2.3:a:apache:tika:1.19.1
-
cpe:2.3:a:apache:tika:1.2
-
cpe:2.3:a:apache:tika:1.20
-
cpe:2.3:a:apache:tika:1.21
-
cpe:2.3:a:apache:tika:1.22
-
cpe:2.3:a:apache:tika:1.23
-
cpe:2.3:a:apache:tika:1.24
-
cpe:2.3:a:apache:tika:1.24.1
-
cpe:2.3:a:apache:tika:1.25
-
cpe:2.3:a:apache:tika:1.26
-
cpe:2.3:a:apache:tika:1.27
-
cpe:2.3:a:apache:tika:1.28
-
cpe:2.3:a:apache:tika:1.28.1
-
cpe:2.3:a:apache:tika:1.28.2
-
cpe:2.3:a:apache:tika:1.3
-
cpe:2.3:a:apache:tika:1.4
-
cpe:2.3:a:apache:tika:1.5
-
cpe:2.3:a:apache:tika:1.6
-
cpe:2.3:a:apache:tika:1.7
-
cpe:2.3:a:apache:tika:1.8
-
cpe:2.3:a:apache:tika:1.9
-
cpe:2.3:a:apache:tika:2.0.0
-
cpe:2.3:a:apache:tika:2.1.0
-
cpe:2.3:a:apache:tika:2.2.0
-
cpe:2.3:a:apache:tika:2.2.1
-
cpe:2.3:a:apache:tika:2.3.0
-
cpe:2.3:a:oracle:primavera_unifier:17.10
-
cpe:2.3:a:oracle:primavera_unifier:17.11
-
cpe:2.3:a:oracle:primavera_unifier:17.12
-
cpe:2.3:a:oracle:primavera_unifier:17.7
-
cpe:2.3:a:oracle:primavera_unifier:17.8
-
cpe:2.3:a:oracle:primavera_unifier:17.9
-
cpe:2.3:a:oracle:primavera_unifier:18.8
-
cpe:2.3:a:oracle:primavera_unifier:19.12
-
cpe:2.3:a:oracle:primavera_unifier:20.12
-
cpe:2.3:a:oracle:primavera_unifier:21.12