CVE-2022-32149 Denial of service via crafted Accept-Language header in golang.org/x/text/language

2022-10-1400:00:00

www.cve.org

denial of service

crafted header

accept-language

golang.org

parseacceptlanguage

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.2%

JSON

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

CNA Affected

[
  {
    "vendor": "golang.org/x/text",
    "product": "golang.org/x/text/language",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "golang.org/x/text/language",
    "versions": [
      {
        "version": "0",
        "lessThan": "0.3.8",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "ParseAcceptLanguage"
      },
      {
        "name": "MatchStrings"
      }
    ],
    "defaultStatus": "unaffected"
  }
]