{"id":"CVE-2022-23496","summary":"A crafted list can trigger an ArrayIndexOutOfBoundsException in Yauaa","details":"Yet Another UserAgent Analyzer (Yauaa) is a Java library that tries to parse and analyze the user agent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. If uncaught, the exception will result in a program crash. Applications that do not use this feature are not affected. Users are advised to upgrade to version 7.9.0. Users unable to upgrade may catch and discard any ArrayIndexOutOfBoundsException thrown by the Yauaa library.","aliases":["GHSA-c4pm-63cg-9j7h"],"modified":"2026-04-17T11:08:02.174311Z","published":"2022-12-08T21:19:30.227Z","database_specific":{"cwe_ids":["CWE-755"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23496.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23496.json"},{"type":"ADVISORY","url":"https://github.com/nielsbasjes/yauaa/security/advisories/GHSA-c4pm-63cg-9j7h"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23496"},{"type":"FIX","url":"https://github.com/nielsbasjes/yauaa/commit/3017a866e2cff0d308f264b66fde4fa79e3beb9e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nielsbasjes/yauaa","events":[{"introduced":"3841b63cfb546c6ffaeea84483b29b3b676a9d97"},{"fixed":"755736ffb21cc18a26fae7bbfdf2d461d34c9034"},{"fixed":"3017a866e2cff0d308f264b66fde4fa79e3beb9e"}],"database_specific":{"cpe":"cpe:2.3:a:yet_another_useragent_analyzer_project:yet_another_useragent_analyzer:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"7.0.0"},{"fixed":"7.9.0"}]}}],"versions":["v7.0.0","v7.1.0","v7.2.0","v7.3.0","v7.4.0","v7.5.0","v7.6.0","v7.7.0","v7.8.0"],"d
atabase_specific":{"vanir_signatures":[{"deprecated":false,"source":"https://github.com/nielsbasjes/yauaa/commit/3017a866e2cff0d308f264b66fde4fa79e3beb9e","signature_version":"v1","digest":{"line_hashes":[],"threshold":0.9},"signature_type":"Line","id":"CVE-2022-23496-9184d85a","target":{"file":"analyzer/src/main/java/nl/basjes/parse/useragent/clienthints/ClientHintsAnalyzer.java"}},{"deprecated":false,"source":"https://github.com/nielsbasjes/yauaa/commit/3017a866e2cff0d308f264b66fde4fa79e3
beb9e","signature_version":"v1","digest":{"length":4114,"function_hash":"222109452266724129614141356952768721370"},"signature_type":"Function","id":"CVE-2022-23496-94d730e6","target":{"file":"analyzer/src/main/java/nl/basjes/parse/useragent/clienthints/ClientHintsAnalyzer.java","function":"improveLayoutEngineAndAgentInfo"}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23496.json","vanir_signatures_modified":"2026-04-17T11:08:02Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}