CVE-2022-32149

Опубликовано: 14 окт. 2022

Источник: debian

Описание

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

Пакет	Статус	Версия исправления	Релиз	Тип
golang-golang-x-text	fixed	0.3.8-1		package
golang-golang-x-text	no-dsa		bullseye	package
golang-x-text	removed			package
golang-x-text	postponed		buster	package

https://groups.google.com/g/golang-dev/c/qfPIly0X7aU
https://go.dev/issue/56152
https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)

CVE-2022-32149

CVSS3: 7.5

ubuntu

больше 3 лет назад

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

CVE-2022-32149

CVSS3: 7.5

redhat

больше 3 лет назад

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

CVE-2022-32149

CVSS3: 7.5

nvd

больше 3 лет назад

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

CVE-2022-32149

CVSS3: 7.5

msrc

больше 1 года назад

Описание отсутствует

GHSA-69ch-w2m2-3vjp

CVSS3: 7.5

github

больше 3 лет назад

golang.org/x/text/language Denial of service via crafted Accept-Language header