
CVE-2022-23496: Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List

CVSS Score: 8.6 (CVSS v3.1)

Basic Information

EPSS Score: 0.21532%
Published: 12/8/2022
Updated: 1/17/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected packages (all Maven ecosystem):

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| nl.basjes.parse.useragent:yauaa | maven | >= 7.0.0, < 7.9.0 | 7.9.0 |
| nl.basjes.parse.useragent:yauaa-beam | maven | >= 7.0.0, < 7.9.0 | 7.9.0 |
| nl.basjes.parse.useragent:yauaa-beam-sql | maven | >= 7.0.0, < 7.9.0 | 7.9.0 |
| nl.basjes.parse.useragent:yauaa-drill | maven | >= 7.0.0, < 7.9.0 | 7.9.0 |
| nl.basjes.parse.useragent:yauaa-elasticsearch | maven | >= 7.0.0, < 7.9.0 | 7.9.0 |
| nl.basjes.parse.useragent:yauaa-elasticsearch-8 | maven | >= 7.0.0, < 7.9.0 | 7.9.0 |
| nl.basjes.parse.useragent:yauaa-flink | maven | >= 7.0.0, < 7.9.0 | 7.9.0 |
| nl.basjes.parse.useragent:yauaa-flink-table | maven | >= 7.0.0, < 7.9.0 | 7.9.0 |
| nl.basjes.parse.useragent:yauaa-hive | maven | >= 7.0.0, < 7.9.0 | 7.9.0 |
| nl.basjes.parse.useragent:yauaa-logparser | maven | >= 7.0.0, < 7.9.0 | 7.9.0 |
| nl.basjes.parse.useragent:yauaa-snowflake | maven | >= 7.0.0, < 7.9.0 | 7.9.0 |
| nl.basjes.parse.useragent:yauaa-trino | maven | >= 7.0.0, < 7.9.0 | 7.9.0 |

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability manifests in Client Hints processing, where version strings are split using String.split("\\."). The original code (lines 318-325 in the diff) accessed versionSplits[1] directly without first verifying the array length. A version string with no dot, such as '100' instead of '100.0.4896.127', splits into a single-element array, so reading index 1 throws an ArrayIndexOutOfBoundsException and crashes the caller. The patch adds length checks and version validation logic (newVersionIsBetter()) to prevent these out-of-bounds accesses.
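As an added illustration (not Yauaa's code and not the actual patch), the Java snippet below reconstructs the failure class described above: a version taken from a Sec-CH-UA-Full-Version-List value is split on '.' and versionSplits[1] is read unconditionally, shown next to a length-checked variant. The header-entry regex, the class and the method names are assumptions made for this demo; the real library's newVersionIsBetter() validation is not reproduced. The header values in main() are constructed samples.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Illustrative reconstruction of the CVE-2022-23496 bug class; not Yauaa's code.
public class ClientHintVersionDemo {

    // Assumed, simplified matcher for one list entry such as "Chromium";v="100.0.4896.127".
    // A real Structured-Field parser must handle more syntax than this.
    private static final Pattern ENTRY = Pattern.compile("\"([^\"]*)\";v=\"([^\"]*)\"");

    // Vulnerable pattern: index 1 is read without checking the array length.
    // "100".split("\\.") yields {"100"}, so versionSplits[1] throws
    // ArrayIndexOutOfBoundsException.
    static String majorMinorUnsafe(String version) {
        String[] versionSplits = version.split("\\.");
        return versionSplits[0] + "." + versionSplits[1];
    }

    // Hardened pattern: check the length before every index access.
    // Note the second edge case: ".".split("\\.") yields an EMPTY array because
    // Java's split() drops trailing empty strings, so even index 0 must be guarded.
    static String majorMinorSafe(String version) {
        String[] versionSplits = version.split("\\.");
        if (versionSplits.length == 0) {
            return "";
        }
        if (versionSplits.length < 2) {
            return versionSplits[0]; // no minor component present
        }
        return versionSplits[0] + "." + versionSplits[1];
    }

    // Parses every entry of the header value and reduces each version to major.minor
    // using the hardened routine, so a short or odd version never aborts the request.
    static List<String> parseHeader(String headerValue) {
        List<String> out = new ArrayList<>();
        Matcher m = ENTRY.matcher(headerValue);
        while (m.find()) {
            String brand = m.group(1);
            String version = m.group(2);
            out.add(brand + " " + majorMinorSafe(version));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample header values (not captured traffic).
        String normal = "\"Chromium\";v=\"100.0.4896.127\", \"Google Chrome\";v=\"100.0.4896.127\"";
        String shortVersions = "\"Chromium\";v=\"100\", \"Not;A Brand\";v=\".\"";

        System.out.println(parseHeader(normal));        // [Chromium 100.0, Google Chrome 100.0]
        System.out.println(parseHeader(shortVersions)); // [Chromium 100, Not;A Brand ]

        // The unsafe routine aborts on the same short value the advisory describes.
        try {
            majorMinorUnsafe("100");
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("unsafe parser failed on \"100\": " + e.getMessage());
        }
    }
}
```

The defensive point generalizes beyond index 1: any code that indexes the result of String.split() on attacker-controlled input should treat the array length as untrusted, including the zero-length case that split() produces for input consisting only of separators.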


WAF Protection Rules

Impact: Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. Applications that do not use this feature are not affected.

Patches: Upgrade to 7.
