CVE-2022-23496
HIGH
Yet Another UserAgent Analyzer 7.0.0-7.8.9 - Denial of Service via Client Hints Analysis
Title source: llm
Description
Yet Another UserAgent Analyzer (Yauaa) is a Java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. If uncaught, the exception will result in a program crash. Applications that do not use this feature are not affected. Users are advised to upgrade to version 7.9.0. Users unable to upgrade may catch and discard any ArrayIndexOutOfBoundsException thrown by the Yauaa library.
References (2)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/nielsbasjes/yauaa/security/advisories/GHSA-c4pm-63cg-9j7h
Patch, Third Party Advisory x_refsource_misc
https://github.com/nielsbasjes/yauaa/commit/3017a866e2cff0d308f264b66fde4fa79e3beb9e
Scores
CVSS v3
7.5
EPSS
0.0074
EPSS Percentile
49.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-755
Status
published
Products (13)
nl.basjes.parse.useragent/yauaa, 7.0.0 - 7.9.0 (Maven)
nl.basjes.parse.useragent/yauaa-beam, 7.0.0 - 7.9.0 (Maven)
nl.basjes.parse.useragent/yauaa-beam-sql, 7.0.0 - 7.9.0 (Maven)
nl.basjes.parse.useragent/yauaa-drill, 7.0.0 - 7.9.0 (Maven)
nl.basjes.parse.useragent/yauaa-elasticsearch, 7.0.0 - 7.9.0 (Maven)
nl.basjes.parse.useragent/yauaa-elasticsearch-8, 7.0.0 - 7.9.0 (Maven)
nl.basjes.parse.useragent/yauaa-flink, 7.0.0 - 7.9.0 (Maven)
nl.basjes.parse.useragent/yauaa-flink-table, 7.0.0 - 7.9.0 (Maven)
nl.basjes.parse.useragent/yauaa-hive, 7.0.0 - 7.9.0 (Maven)
nl.basjes.parse.useragent/yauaa-logparser, 7.0.0 - 7.9.0 (Maven)
... and 3 more
Published
Dec 08, 2022
Tracked Since
Feb 18, 2026