Inefficient Regular Expression Complexity

CVE-2022-30973

Severity Medium
Score 5.5/10

Summary

In Apache Tika, a regular expression in the 'StandardsText' class, used by the 'StandardsExtractingContentHandler', could lead to a Denial of Service (DoS) caused by backtracking on a specially crafted file. This only affects users who are running the 'StandardsExtractingContentHandler', which is a non-standard handler. We failed to apply the fix for CVE-2022-30126 to the 1.x branch before the 1.28.3 release. This issue affects versions 1.17 through 1.28.2 and 2.0.0-ALPHA through 2.3.0.
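A triage check for the two conditions in the summary, an affected Tika version and a reference to the handler, added here as an example and not part of the advisory or the Tika project. It assumes dependency lines in the `group:artifact:jar:version:scope` form printed by `mvn dependency:list`; the function names, the simplified version ordering and the sample input are assumptions made for this illustration.

```python
import re

# Affected ranges exactly as stated in the advisory text (inclusive bounds).
AFFECTED_RANGES = [("1.17", "1.28.2"), ("2.0.0-ALPHA", "2.3.0")]
HANDLER = "StandardsExtractingContentHandler"

# Matches lines such as "org.apache.tika:tika-core:jar:1.28.2:compile".
DEP_LINE = re.compile(r"org\.apache\.tika:([\w.-]+):jar:(\d[\w.-]*):\w+")


def version_key(version):
    """Simplified ordering (assumption): numeric parts, then pre-release < release."""
    numeric, _, qualifier = version.partition("-")
    parts = [int(p) for p in numeric.split(".") if p.isdigit()]
    parts += [0] * (3 - len(parts))
    return (tuple(parts), 0 if qualifier else 1, qualifier.upper())


def is_affected(version):
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi)
               for lo, hi in AFFECTED_RANGES)


def triage(dependency_listing, source_text):
    """Return (affected Tika artifacts, True if the handler is also referenced)."""
    findings = [(artifact, version)
                for artifact, version in DEP_LINE.findall(dependency_listing)
                if is_affected(version)]
    return findings, bool(findings) and HANDLER in source_text


# Constructed sample input, not taken from a real project.
SAMPLE_DEPS = """\
[INFO]    org.apache.tika:tika-core:jar:1.28.2:compile
[INFO]    org.apache.tika:tika-parsers:jar:1.28.2:compile
[INFO]    org.slf4j:slf4j-api:jar:1.7.36:compile
"""
SAMPLE_SOURCE = "StandardsExtractingContentHandler handler;"

if __name__ == "__main__":
    findings, exposed = triage(SAMPLE_DEPS, SAMPLE_SOURCE)
    for artifact, version in findings:
        print(f"{artifact} {version} is in an affected range")
    print("affected version and handler referenced" if exposed
          else "handler not referenced in scanned source")
```
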

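  • Attack Complexity: LOW
  • Attack Vector: LOCAL
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • User Interaction: REQUIRED
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: HIGH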

CWE-1333 - Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Advisory Timeline

  • Published