Inefficient Regular Expression Complexity
CVE-2022-30973
Summary
In Apache Tika, a regular expression in the 'StandardsText' class, used by the 'StandardsExtractingContentHandler', could lead to a Denial of Service (DoS) caused by backtracking on a specially crafted file. This only affects users who are running the 'StandardsExtractingContentHandler', which is a non-standard handler. We failed to apply the fix for CVE-2022-30126 to the 1.x branch before the 1.28.3 release. This issue affects versions 1.17 through 1.28.2 and 2.0.0-ALPHA through 2.3.0.
- LOW
- LOCAL
- NONE
- UNCHANGED
- REQUIRED
- NONE
- NONE
- HIGH
CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.