Vulnerability CVE-2022-32149: Information

Description

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: Oct. 14, 2022
Modified: Oct. 18, 2022
Error type identifier: CWE-772

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| grafana | sisyphus | 9.3.1-alt1 | 10.2.2-alt1.1 | ALT-PU-2022-3295-1 | 311333 | Fixed |
| grafana | p10 | 9.5.5-alt1 | 10.2.2-alt1.1 | ALT-PU-2023-4133-1 | 323967 | Fixed |
| grafana | c10f1 | 9.5.5-alt1 | 9.5.5-alt1 | ALT-PU-2023-4346-2 | 324663 | Fixed |
| grafana | c9f2 | 9.5.5-alt1 | 9.5.5-alt1 | ALT-PU-2023-4567-3 | 323137 | Fixed |

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://go.dev/cl/442235
  • Vendor Advisory
https://go.dev/issue/56152
  • Issue Tracking
  • Third Party Advisory
https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ
  • Mailing List
  • Third Party Advisory
https://pkg.go.dev/vuln/GO-2022-1059
  • Vendor Advisory

Configuration 1

cpe:2.3:a:golang:text:*:*:*:*:*:*:*:*
End excluding: 0.3.8