Skip to main content

Improper Handling of Exceptional Conditions

CVE-2022-23496

Severity High
Score 7.5/10

Summary

Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to parse and analyze the `useragent` string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature in versions 7.0.0 prior to 7.9.0 can crash because the Yauaa library throws an `ArrayIndexOutOfBoundsException`. If uncaught the exception will result in a program crash. Applications that do not use this feature are not affected. Users unable to upgrade may catch and discard any `ArrayIndexOutOfBoundsException` thrown by the Yauaa library.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-755 - Improper Handling of Exceptional Conditions

The software does not handle or incorrectly handles an exceptional condition.

Advisory Timeline

  • Published