CVE-2022-32149 - Vulnerability Details

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Golang	Text
Redhat	Acm Container Native Virtualization Logging Ocp Tools Openshift Openshift Api Data Protection Openshift Custom Metrics Autoscaler Rhel Eus Rhmt

Configuration 1 [-]

cpe:2.3:a:golang:text:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Logging subsystem for Red Hat OpenShift 5.4
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-300	cpe:/a:redhat:logging:5.4::el8	RHSA-2022:7435	2022-11-16T00:00:00Z
OADP-1.0-RHEL-8
oadp/oadp-velero-rhel8:1.0.7-5	cpe:/a:redhat:openshift_api_data_protection:1.0::el8	RHSA-2023:0692	2023-02-09T00:00:00Z
OpenShift Custom Metrics Autoscaler 2
custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8:2.8.2-143	cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8	RHSA-2023:1042	2023-03-06T00:00:00Z
OpenShift Developer Tools and Services for OCP 4.9
ocp-tools-4/service-binding-operator-bundle:v1.3.1-7	cpe:/a:redhat:ocp_tools:4.9::el8	RHSA-2022:7407	2022-11-03T00:00:00Z
ocp-tools-4/service-binding-rhel8-operator:v1.3.1-5	cpe:/a:redhat:ocp_tools:4.9::el8	RHSA-2022:7407	2022-11-03T00:00:00Z
OpenShift Logging 5.3
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-302	cpe:/a:redhat:logging:5.3::el8	RHSA-2022:6882	2022-11-09T00:00:00Z
Red Hat Advanced Cluster Management for Kubernetes 2
lighthouse-agent-container	cpe:/a:redhat:acm:2.5::el8	RHSA-2023:0481	2023-01-26T00:00:00Z
lighthouse-coredns-container	cpe:/a:redhat:acm:2.5::el8	RHSA-2023:0481	2023-01-26T00:00:00Z
subctl-container	cpe:/a:redhat:acm:2.5::el8	RHSA-2023:0481	2023-01-26T00:00:00Z
submariner-gateway-container	cpe:/a:redhat:acm:2.5::el8	RHSA-2023:0481	2023-01-26T00:00:00Z
submariner-globalnet-container	cpe:/a:redhat:acm:2.5::el8	RHSA-2023:0481	2023-01-26T00:00:00Z
submariner-networkplugin-syncer-container	cpe:/a:redhat:acm:2.5::el8	RHSA-2023:0481	2023-01-26T00:00:00Z
submariner-operator-bundle-container	cpe:/a:redhat:acm:2.5::el8	RHSA-2023:0481	2023-01-26T00:00:00Z
submariner-operator-container	cpe:/a:redhat:acm:2.5::el8	RHSA-2023:0481	2023-01-26T00:00:00Z
submariner-route-agent-container	cpe:/a:redhat:acm:2.5::el8	RHSA-2023:0481	2023-01-26T00:00:00Z
lighthouse-agent-container	cpe:/a:redhat:acm:2.6::el8	RHSA-2023:0795	2023-02-15T00:00:00Z
lighthouse-coredns-container	cpe:/a:redhat:acm:2.6::el8	RHSA-2023:0795	2023-02-15T00:00:00Z
nettest-container	cpe:/a:redhat:acm:2.6::el8	RHSA-2023:0795	2023-02-15T00:00:00Z
subctl-container	cpe:/a:redhat:acm:2.6::el8	RHSA-2023:0795	2023-02-15T00:00:00Z
submariner-gateway-container	cpe:/a:redhat:acm:2.6::el8	RHSA-2023:0795	2023-02-15T00:00:00Z
submariner-globalnet-container	cpe:/a:redhat:acm:2.6::el8	RHSA-2023:0795	2023-02-15T00:00:00Z
submariner-networkplugin-syncer-container	cpe:/a:redhat:acm:2.6::el8	RHSA-2023:0795	2023-02-15T00:00:00Z
submariner-operator-bundle-container	cpe:/a:redhat:acm:2.6::el8	RHSA-2023:0795	2023-02-15T00:00:00Z
submariner-operator-container	cpe:/a:redhat:acm:2.6::el8	RHSA-2023:0795	2023-02-15T00:00:00Z
submariner-route-agent-container	cpe:/a:redhat:acm:2.6::el8	RHSA-2023:0795	2023-02-15T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
container-tools:rhel8-8060020240413110723.3b538bd8	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:1994	2024-04-23T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
container-tools:rhel8-8080020240422101606.0f77c1b7	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:2077	2024-04-29T00:00:00Z
Red Hat Migration Toolkit for Containers 1.7
rhmtc/openshift-migration-velero-rhel8:v1.7.7-5	cpe:/a:redhat:rhmt:1.7::el8	RHSA-2023:0693	2023-02-09T00:00:00Z
Red Hat OpenShift Container Platform 4.12
podman-3:4.2.0-7.rhaos4.12.el9	cpe:/a:redhat:openshift:4.12::el8	RHSA-2023:3613	2023-06-26T00:00:00Z
RHEL-7-CNV-4.13
kubevirt-0:4.13.0-1469.el7	cpe:/a:redhat:container_native_virtualization:4.13::el7	RHSA-2023:3204	2023-05-18T00:00:00Z
RHEL-8-CNV-4.13
kubevirt-0:4.13.0-1469.el8	cpe:/a:redhat:container_native_virtualization:4.13::el8	RHSA-2023:3204	2023-05-18T00:00:00Z
RHEL-9-CNV-4.13
kubevirt-0:4.13.0-1469.el9	cpe:/a:redhat:container_native_virtualization:4.13::el9	RHSA-2023:3204	2023-05-18T00:00:00Z
container-native-virtualization/virt-api-rhel9:v4.13.0-358	cpe:/a:redhat:container_native_virtualization:4.13::el9	RHSA-2023:3205	2023-05-18T00:00:00Z
RHOL-5.5-RHEL-8
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-303	cpe:/a:redhat:logging:5.5::el8	RHSA-2022:7434	2022-11-10T00:00:00Z

References

Link	Providers
https://go.dev/cl/442235
https://go.dev/issue/56152
https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ
https://groups.google.com/g/golang-dev/c/qfPIly0X7aU
https://nvd.nist.gov/vuln/detail/CVE-2022-32149
https://pkg.go.dev/vuln/GO-2022-1059
https://security.netapp.com/advisory/ntap-20230203-0006/
https://www.cve.org/CVERecord?id=CVE-2022-32149

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20230203-0006/

Sun, 08 Sep 2024 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat acm
CPEs		cpe:/a:redhat:acm:2.5::el8 cpe:/a:redhat:acm:2.6::el8
Vendors & Products		Redhat acm

Mon, 19 Aug 2024 22:15:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:/a:redhat:acm:2.5::el8 cpe:/a:redhat:acm:2.6::el8
Vendors & Products	Redhat acm

MITRE

Status: PUBLISHED

Assigner: Go

Published: 2022-10-14T00:00:00

Updated: 2024-08-03T07:32:56.022Z

Reserved: 2022-05-31T00:00:00

Link: CVE-2022-32149

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-14T15:15:34.543

Modified: 2024-11-21T07:05:50.547

Link: CVE-2022-32149

Redhat

Severity : Moderate

Publid Date: 2022-10-11T00:00:00Z

Links: CVE-2022-32149 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object