CVE-2022-32149
published 2022-10-14

CVE-2022-32149: An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

Priority: P433, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.43% (69.7th percentile)

Affected

29 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-golang-x-text | < golang-golang-x-text 0.3.8-1 (bookworm) | golang-golang-x-text 0.3.8-1 (bookworm) |
| golang.org | x_text | >= 0 < 0.3.8 | 0.3.8 |
| golang.org | x_text_golang.org_x_text_language | < 0.3.8 | 0.3.8 |
| golang | text | < 0.3.8 | 0.3.8 |
| msrc | azl3_cni_1.1.2-3 | | |
| msrc | azl3_cni_1.1.2-4 | | |
| msrc | azl3_containernetworking-plugins_1.6.1-4 | | |
| msrc | azl3_keda_2.14.0-1 | | |
| msrc | azl3_keda_2.4.0-15 | | |
| msrc | azl3_kubevirt_0.59.0-14 | | |
| msrc | azl3_kubevirt_1.2.0-1 | | |
| msrc | azl3_multus_3.8-13 | | |
| msrc | azl3_multus_4.0.2-1 | | |
| msrc | azl3_node-problem-detector_0.8.10-18 | | |
| msrc | azl3_node-problem-detector_0.8.15-1 | | |
| msrc | azl3_sriov-network-device-plugin_3.5.1-3 | | |
| msrc | azl3_sriov-network-device-plugin_3.7.0-1 | | |
| msrc | azure_linux_3.0_arm | | |
| msrc | azure_linux_3.0_x64 | | |
| msrc | cbl2_application-gateway-kubernetes-ingress_1.4.0-25 | | |
| msrc | cbl2_cf-cli_8.4.0-24 | | |
| msrc | cbl2_cni_1.0.1-18 | | |
| msrc | cbl2_cni_1.0.1-19 | | |
| msrc | cbl2_containerized-data-importer_1.55.0-23 | | |
| msrc | cbl2_cri-o_1.22.3-14 | | |

CVSS provenance

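| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_msrc | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |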