3 matches found
AZL-45375 CVE-2021-38561 affecting package containernetworking-plugins for versions less than 1.6.1-4
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...
AZL-45162 CVE-2022-32149 affecting package containernetworking-plugins for versions less than 1.6.1-4
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
AZL-45294 CVE-2022-29526 affecting package containernetworking-plugins for versions less than 1.6.1-4
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...