CVE-2022-23496 – nl.basjes.parse.useragent:yauaa

Package

Manager: maven
Name: nl.basjes.parse.useragent:yauaa
Vulnerable Version: >=7.0.0 <7.9.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00086 pctl0.25706

Details

Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List ### Impact Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. Applications that do not use this feature are not affected. ### Patches Upgrade to 7.9.0 ### Workarounds Catch and discard any exceptions from Yauaa.

Metadata

Created: 2022-12-08T15:52:54Z
Modified: 2025-01-17T17:06:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-c4pm-63cg-9j7h/GHSA-c4pm-63cg-9j7h.json
CWE IDs: ["CWE-755"]
Alternative ID: GHSA-c4pm-63cg-9j7h
Finding: F096
Auto approve: 1