CVE-2022-32149

Summary

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

Affected Software

VendorProductVersion RangeStatus
golang.org/x/textgolang.org/x/text/language0 < 0.3.8affected

Weaknesses

  • CWE 400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References