An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Golang
  • Text
Redhat
  • Acm
  • Container Native Virtualization
  • Logging
  • Ocp Tools
  • Openshift
  • Openshift Api Data Protection
  • Openshift Custom Metrics Autoscaler
  • Rhel Eus
  • Rhmt

Configuration 1 [-]

cpe:2.3:a:golang:text:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Logging subsystem for Red Hat OpenShift 5.4
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-300 cpe:/a:redhat:logging:5.4::el8 RHSA-2022:7435 2022-11-16T00:00:00Z
OADP-1.0-RHEL-8
oadp/oadp-velero-rhel8:1.0.7-5 cpe:/a:redhat:openshift_api_data_protection:1.0::el8 RHSA-2023:0692 2023-02-09T00:00:00Z
OpenShift Custom Metrics Autoscaler 2
custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8:2.8.2-143 cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8 RHSA-2023:1042 2023-03-06T00:00:00Z
OpenShift Developer Tools and Services for OCP 4.9
ocp-tools-4/service-binding-operator-bundle:v1.3.1-7 cpe:/a:redhat:ocp_tools:4.9::el8 RHSA-2022:7407 2022-11-03T00:00:00Z
ocp-tools-4/service-binding-rhel8-operator:v1.3.1-5 cpe:/a:redhat:ocp_tools:4.9::el8 RHSA-2022:7407 2022-11-03T00:00:00Z
OpenShift Logging 5.3
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-302 cpe:/a:redhat:logging:5.3::el8 RHSA-2022:6882 2022-11-09T00:00:00Z
Red Hat Advanced Cluster Management for Kubernetes 2
lighthouse-agent-container cpe:/a:redhat:acm:2.5::el8 RHSA-2023:0481 2023-01-26T00:00:00Z
lighthouse-coredns-container cpe:/a:redhat:acm:2.5::el8 RHSA-2023:0481 2023-01-26T00:00:00Z
subctl-container cpe:/a:redhat:acm:2.5::el8 RHSA-2023:0481 2023-01-26T00:00:00Z
submariner-gateway-container cpe:/a:redhat:acm:2.5::el8 RHSA-2023:0481 2023-01-26T00:00:00Z
submariner-globalnet-container cpe:/a:redhat:acm:2.5::el8 RHSA-2023:0481 2023-01-26T00:00:00Z
submariner-networkplugin-syncer-container cpe:/a:redhat:acm:2.5::el8 RHSA-2023:0481 2023-01-26T00:00:00Z
submariner-operator-bundle-container cpe:/a:redhat:acm:2.5::el8 RHSA-2023:0481 2023-01-26T00:00:00Z
submariner-operator-container cpe:/a:redhat:acm:2.5::el8 RHSA-2023:0481 2023-01-26T00:00:00Z
submariner-route-agent-container cpe:/a:redhat:acm:2.5::el8 RHSA-2023:0481 2023-01-26T00:00:00Z
lighthouse-agent-container cpe:/a:redhat:acm:2.6::el8 RHSA-2023:0795 2023-02-15T00:00:00Z
lighthouse-coredns-container cpe:/a:redhat:acm:2.6::el8 RHSA-2023:0795 2023-02-15T00:00:00Z
nettest-container cpe:/a:redhat:acm:2.6::el8 RHSA-2023:0795 2023-02-15T00:00:00Z
subctl-container cpe:/a:redhat:acm:2.6::el8 RHSA-2023:0795 2023-02-15T00:00:00Z
submariner-gateway-container cpe:/a:redhat:acm:2.6::el8 RHSA-2023:0795 2023-02-15T00:00:00Z
submariner-globalnet-container cpe:/a:redhat:acm:2.6::el8 RHSA-2023:0795 2023-02-15T00:00:00Z
submariner-networkplugin-syncer-container cpe:/a:redhat:acm:2.6::el8 RHSA-2023:0795 2023-02-15T00:00:00Z
submariner-operator-bundle-container cpe:/a:redhat:acm:2.6::el8 RHSA-2023:0795 2023-02-15T00:00:00Z
submariner-operator-container cpe:/a:redhat:acm:2.6::el8 RHSA-2023:0795 2023-02-15T00:00:00Z
submariner-route-agent-container cpe:/a:redhat:acm:2.6::el8 RHSA-2023:0795 2023-02-15T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
container-tools:rhel8-8060020240413110723.3b538bd8 cpe:/a:redhat:rhel_eus:8.6 RHSA-2024:1994 2024-04-23T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
container-tools:rhel8-8080020240422101606.0f77c1b7 cpe:/a:redhat:rhel_eus:8.8 RHSA-2024:2077 2024-04-29T00:00:00Z
Red Hat Migration Toolkit for Containers 1.7
rhmtc/openshift-migration-velero-rhel8:v1.7.7-5 cpe:/a:redhat:rhmt:1.7::el8 RHSA-2023:0693 2023-02-09T00:00:00Z
Red Hat OpenShift Container Platform 4.12
podman-3:4.2.0-7.rhaos4.12.el9 cpe:/a:redhat:openshift:4.12::el8 RHSA-2023:3613 2023-06-26T00:00:00Z
RHEL-7-CNV-4.13
kubevirt-0:4.13.0-1469.el7 cpe:/a:redhat:container_native_virtualization:4.13::el7 RHSA-2023:3204 2023-05-18T00:00:00Z
RHEL-8-CNV-4.13
kubevirt-0:4.13.0-1469.el8 cpe:/a:redhat:container_native_virtualization:4.13::el8 RHSA-2023:3204 2023-05-18T00:00:00Z
RHEL-9-CNV-4.13
kubevirt-0:4.13.0-1469.el9 cpe:/a:redhat:container_native_virtualization:4.13::el9 RHSA-2023:3204 2023-05-18T00:00:00Z
container-native-virtualization/virt-api-rhel9:v4.13.0-358 cpe:/a:redhat:container_native_virtualization:4.13::el9 RHSA-2023:3205 2023-05-18T00:00:00Z
RHOL-5.5-RHEL-8
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-303 cpe:/a:redhat:logging:5.5::el8 RHSA-2022:7434 2022-11-10T00:00:00Z
References
Link Providers
https://go.dev/cl/442235 cve-icon cve-icon
https://go.dev/issue/56152 cve-icon cve-icon cve-icon
https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ cve-icon cve-icon
https://groups.google.com/g/golang-dev/c/qfPIly0X7aU cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-32149 cve-icon
https://pkg.go.dev/vuln/GO-2022-1059 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-32149 cve-icon
History

Sun, 08 Sep 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat acm
CPEs cpe:/a:redhat:acm:2.5::el8
cpe:/a:redhat:acm:2.6::el8
Vendors & Products Redhat acm

Mon, 19 Aug 2024 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.5::el8
cpe:/a:redhat:acm:2.6::el8
Vendors & Products Redhat acm
cve-icon MITRE

Status: PUBLISHED

Assigner: Go

Published: 2022-10-14T00:00:00

Updated: 2024-08-03T07:32:56.022Z

Reserved: 2022-05-31T00:00:00

Link: CVE-2022-32149

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2022-10-14T15:15:34.543

Modified: 2022-10-18T17:41:31.897

Link: CVE-2022-32149

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-10-11T00:00:00Z

Links: CVE-2022-32149 - Bugzilla