CVE-2022-33879

13 documents, 8 sources
Severity: 3.3 LOW
EPSS: 0.0% (top 91.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 27 | Latest update May 23

Description

The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Exploitability: 1.8 | Impact: 1.4

Affected Packages (4 packages)

CVEListV5 | apache_software_foundation/apache_tika | Apache Tika | 2.4.1
NVD | apache/tika | 2.0.0 | 2.4.1 | +1
Maven | org.apache.tika:tika | 2.0.0 | 2.4.1 | +1
Ubuntu | tika | < 1.22-1ubuntu0.1~esm1 | +1

🔴 Vulnerability Details (5)

OSV | tika vulnerabilities | 2025-05-23
OSV | Apache Tika contains incomplete fix for regex DoS | 2022-06-28
GHSA | Apache Tika contains incomplete fix for regex DoS | 2022-06-28
OSV | CVE-2022-33879: The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate | 2022-06-27
CVEList | Incomplete fix and new regex DoS in StandardsExtractingContentHandler | 2022-06-27

📋 Vendor Advisories (7)

Ubuntu | Apache Tika vulnerabilities | 2025-05-23
Oracle | Oracle Oracle HealthCare Applications Risk Matrix: Upload Services (Apache Tika) — CVE-2022-33879 | 2024-07-15
Oracle | Oracle Oracle Commerce Risk Matrix: Workbench (Apache Tika) — CVE-2022-33879 | 2024-01-15
Oracle | Oracle Oracle Financial Services Applications Risk Matrix: Reports (Apache Tika) — CVE-2022-33879 | 2023-07-15
Oracle | Oracle Oracle Construction and Engineering Risk Matrix: Document Management (Apache Tika) — CVE-2022-33879 | 2022-10-15
CVE-2022-33879 (LOW CVSS 3.3) | The initial fixes in CVE-2022-30126 | cvebase.io