Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2023-AVI-0331
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans IBM Db2 REST. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Db2 REST versions ant\u00e9rieures \u00e0 latest-amd64",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 REST versions ant\u00e9rieures \u00e0 1.0.0.258-amd64",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
}
],
"initial_release_date": "2023-04-20T00:00:00",
"last_revision_date": "2023-04-20T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0331",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eIBM Db2 REST\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Db2 REST",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6984413 du 18 avril 2023",
"url": "https://www.ibm.com/support/pages/node/6984413"
}
]
}
CVE-2022-27664 (GCVE-0-2022-27664)
Vulnerability from cvelistv5
Published
2022-09-06 17:29
Modified
2024-08-03 05:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
},
{
"name": "FEDORA-2022-67ec8c61d0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/"
},
{
"name": "FEDORA-2022-45097317b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220923-0004/"
},
{
"name": "GLSA-202209-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:06:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/golang-announce"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
},
{
"name": "FEDORA-2022-67ec8c61d0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/"
},
{
"name": "FEDORA-2022-45097317b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220923-0004/"
},
{
"name": "GLSA-202209-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-26"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce"
},
{
"name": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s",
"refsource": "CONFIRM",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
},
{
"name": "FEDORA-2022-67ec8c61d0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/"
},
{
"name": "FEDORA-2022-45097317b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220923-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220923-0004/"
},
{
"name": "GLSA-202209-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-26"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-27664",
"datePublished": "2022-09-06T17:29:08",
"dateReserved": "2022-03-23T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41723 (GCVE-0-2022-41723)
Vulnerability from cvelistv5
Published
2023-02-28 17:19
Modified
2025-05-05 16:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE 400: Uncontrolled Resource Consumption
Summary
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Go standard library | net/http |
Version: 0 ≤ Version: 1.20.0-0 ≤ |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230331-0010/"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/57855"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/468135"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/468295"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2023-1571"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41723",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:26:37.352634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NVD-CWE-Other",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:12:28.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "Transport.RoundTrip"
},
{
"name": "Server.Serve"
},
{
"name": "Client.Do"
},
{
"name": "Client.Get"
},
{
"name": "Client.Head"
},
{
"name": "Client.Post"
},
{
"name": "Client.PostForm"
},
{
"name": "Get"
},
{
"name": "Head"
},
{
"name": "ListenAndServe"
},
{
"name": "ListenAndServeTLS"
},
{
"name": "Post"
},
{
"name": "PostForm"
},
{
"name": "Serve"
},
{
"name": "ServeTLS"
},
{
"name": "Server.ListenAndServe"
},
{
"name": "Server.ListenAndServeTLS"
},
{
"name": "Server.ServeTLS"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.19.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.20.1",
"status": "affected",
"version": "1.20.0-0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http2",
"product": "golang.org/x/net/http2",
"programRoutines": [
{
"name": "Transport.RoundTrip"
},
{
"name": "Server.ServeConn"
},
{
"name": "ClientConn.Close"
},
{
"name": "ClientConn.Ping"
},
{
"name": "ClientConn.RoundTrip"
},
{
"name": "ClientConn.Shutdown"
},
{
"name": "ConfigureServer"
},
{
"name": "ConfigureTransport"
},
{
"name": "ConfigureTransports"
},
{
"name": "ConnectionError.Error"
},
{
"name": "ErrCode.String"
},
{
"name": "FrameHeader.String"
},
{
"name": "FrameType.String"
},
{
"name": "FrameWriteRequest.String"
},
{
"name": "Framer.ReadFrame"
},
{
"name": "Framer.WriteContinuation"
},
{
"name": "Framer.WriteData"
},
{
"name": "Framer.WriteDataPadded"
},
{
"name": "Framer.WriteGoAway"
},
{
"name": "Framer.WriteHeaders"
},
{
"name": "Framer.WritePing"
},
{
"name": "Framer.WritePriority"
},
{
"name": "Framer.WritePushPromise"
},
{
"name": "Framer.WriteRSTStream"
},
{
"name": "Framer.WriteRawFrame"
},
{
"name": "Framer.WriteSettings"
},
{
"name": "Framer.WriteSettingsAck"
},
{
"name": "Framer.WriteWindowUpdate"
},
{
"name": "GoAwayError.Error"
},
{
"name": "ReadFrameHeader"
},
{
"name": "Setting.String"
},
{
"name": "SettingID.String"
},
{
"name": "SettingsFrame.ForeachSetting"
},
{
"name": "StreamError.Error"
},
{
"name": "Transport.CloseIdleConnections"
},
{
"name": "Transport.NewClientConn"
},
{
"name": "Transport.RoundTripOpt"
},
{
"name": "bufferedWriter.Flush"
},
{
"name": "bufferedWriter.Write"
},
{
"name": "chunkWriter.Write"
},
{
"name": "clientConnPool.GetClientConn"
},
{
"name": "connError.Error"
},
{
"name": "dataBuffer.Read"
},
{
"name": "duplicatePseudoHeaderError.Error"
},
{
"name": "gzipReader.Close"
},
{
"name": "gzipReader.Read"
},
{
"name": "headerFieldNameError.Error"
},
{
"name": "headerFieldValueError.Error"
},
{
"name": "noDialClientConnPool.GetClientConn"
},
{
"name": "noDialH2RoundTripper.RoundTrip"
},
{
"name": "pipe.Read"
},
{
"name": "priorityWriteScheduler.CloseStream"
},
{
"name": "priorityWriteScheduler.OpenStream"
},
{
"name": "pseudoHeaderError.Error"
},
{
"name": "requestBody.Close"
},
{
"name": "requestBody.Read"
},
{
"name": "responseWriter.Flush"
},
{
"name": "responseWriter.FlushError"
},
{
"name": "responseWriter.Push"
},
{
"name": "responseWriter.SetReadDeadline"
},
{
"name": "responseWriter.SetWriteDeadline"
},
{
"name": "responseWriter.Write"
},
{
"name": "responseWriter.WriteHeader"
},
{
"name": "responseWriter.WriteString"
},
{
"name": "serverConn.CloseConn"
},
{
"name": "serverConn.Flush"
},
{
"name": "stickyErrWriter.Write"
},
{
"name": "transportResponseBody.Close"
},
{
"name": "transportResponseBody.Read"
},
{
"name": "writeData.String"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http2/hpack",
"product": "golang.org/x/net/http2/hpack",
"programRoutines": [
{
"name": "Decoder.parseFieldLiteral"
},
{
"name": "Decoder.readString"
},
{
"name": "Decoder.DecodeFull"
},
{
"name": "Decoder.Write"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Philippe Antoine (Catena cyber)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-25T11:09:48.448Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/57855"
},
{
"url": "https://go.dev/cl/468135"
},
{
"url": "https://go.dev/cl/468295"
},
{
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-1571"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"url": "https://security.gentoo.org/glsa/202311-09"
}
],
"title": "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2022-41723",
"datePublished": "2023-02-28T17:19:45.801Z",
"dateReserved": "2022-09-28T17:00:06.610Z",
"dateUpdated": "2025-05-05T16:12:28.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32149 (GCVE-0-2022-32149)
Vulnerability from cvelistv5
Published
2022-10-14 00:00
Modified
2025-05-15 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE 400: Uncontrolled Resource Consumption
Summary
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| golang.org/x/text | golang.org/x/text/language |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:56.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230203-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/56152"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/442235"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2022-1059"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T20:34:55.435977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T20:35:11.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/text/language",
"product": "golang.org/x/text/language",
"programRoutines": [
{
"name": "ParseAcceptLanguage"
},
{
"name": "MatchStrings"
}
],
"vendor": "golang.org/x/text",
"versions": [
{
"lessThan": "0.3.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Adam Korczynski (ADA Logics)"
},
{
"lang": "en",
"value": "OSS-Fuzz"
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T19:12:44.090Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/56152"
},
{
"url": "https://go.dev/cl/442235"
},
{
"url": "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2022-1059"
}
],
"title": "Denial of service via crafted Accept-Language header in golang.org/x/text/language"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2022-32149",
"datePublished": "2022-10-14T00:00:00.000Z",
"dateReserved": "2022-05-31T00:00:00.000Z",
"dateUpdated": "2025-05-15T20:35:11.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…