< Back

CVE-2022-32149

Updated on 14 Oct 2022

Severity

7.5 High severity

Details

CVSS score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE ID: CWE-772 Missing Release of Resource after Effective Lifetime
Affected product
Affected component
Links: NIST CIRCL RHEL Ubuntu

Overview

About vulnerability

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

Details

Affected product:: Azure/azure-event-hubs-go , Azure/azure-pipeline-go , Azure/azure-storage-blob-go , Grafana , Loki , MinIO , WireGuard/wgctrl-go/wgctrl , apache/arrow , apache/arrow/go/arrow , bketelsen/crypt , census-instrumentation/opencensus-go , centrifugal/centrifuge , cloud.google.com/go , cloud.google.com/go/firestore , cloud.google.com/go/storage , cortexproject/cortex , cue.gerrithub/cue-lang/cue , cuelang.org/go , elastic/apm-agent-go/module/apmhttp , elastic/apm-agent-go/module/apmot , etcd-io/etcd , gdamore/encoding , gdamore/tcell , getsentry/sentry-go , github.com/Azure/azure-event-hubs-go , github.com/Azure/azure-pipeline-go , github.com/Azure/azure-storage-blob-go , github.com/Shopify/sarama , github.com/antonmedv/expr , github.com/apache/arrow/go/arrow , github.com/bketelsen/crypt , github.com/centrifugal/centrifuge , github.com/cortexproject/cortex , github.com/deepmap/oapi-codegen , github.com/gdamore/encoding , github.com/gdamore/tcell , github.com/getsentry/sentry-go , github.com/go-kit/kit , github.com/go-openapi/analysis , github.com/go-openapi/jsonreference , github.com/go-openapi/loads , github.com/go-openapi/runtime , github.com/go-openapi/spec , github.com/go-openapi/strfmt , github.com/go-openapi/validate , github.com/golang-migrate/migrate , github.com/golang/mock , github.com/golang/protobuf , github.com/grafana/grafana-plugin-sdk-go , github.com/grpc-ecosystem/go-grpc-middleware , github.com/hashicorp/consul , github.com/hashicorp/go-discover , github.com/hashicorp/go-plugin , github.com/influxdata/flux , github.com/influxdata/go-syslog , github.com/influxdata/influxdb , github.com/influxdata/influxdb-client-go , github.com/influxdata/tdigest , github.com/influxdata/telegraf , github.com/jaegertracing/jaeger , github.com/jhump/protoreflect , github.com/kataras/iris , github.com/mattn/go-ieproxy , github.com/onsi/ginkgo , github.com/onsi/gomega , github.com/openzipkin-contrib/zipkin-go-opentracing , github.com/openzipkin/zipkin-go , github.com/prometheus/alertmanager , github.com/prometheus/client_golang , github.com/prometheus/common , github.com/prometheus/prometheus , github.com/rivo/tview , github.com/securego/gosec , github.com/spf13/afero , github.com/spf13/cobra , github.com/spf13/viper , github.com/thanos-io/thanos , github.com/xdg-go/stringprep , go-kit/kit , go-openapi/analysis , go-openapi/jsonreference , go-openapi/loads , go-openapi/runtime , go-openapi/spec , go-openapi/strfmt , go-openapi/validate , go.elastic.co/apm/module/apmhttp , go.elastic.co/apm/module/apmot , go.etcd.io/etcd , go.mongodb.org/mongo-driver , go.opencensus.io , go.opentelemetry.io/collector , golang-migrate/migrate , golang.org/x/exp , golang.org/x/image , golang.org/x/mobile , golang.org/x/net , golang.org/x/oauth2 , golang.org/x/text , golang.zx2c4.com/wireguard , golang.zx2c4.com/wireguard/wgctrl , golang/appengine , golang/mock , golang/protobuf , gonum.org/v1/gonum , gonum.org/v1/plot , gonum/exp/gonum , gonum/exp/plot , google.golang.org/api , google.golang.org/appengine , google.golang.org/genproto , google.golang.org/grpc , google.golang.org/protobuf , googleapis/go-genproto , googleapis/google-api-go-client , googleapis/google-cloud-go , googleapis/google-cloud-go/firestore , googleapis/google-cloud-go/storage , googlesource/exp , googlesource/image , googlesource/mobile , googlesource/net , googlesource/oauth2 , googlesource/protobuf , googlesource/text , gopkg.in/macaron.v1 , grafana/grafana-plugin-sdk-go , grpc-ecosystem/go-grpc-middleware , grpc/grpc-go , hashicorp/consul , hashicorp/go-discover , hashicorp/go-plugin , influxdata/flux , influxdata/influxdb , influxdata/influxdb-client-go , influxdata/tdigest , influxdata/telegraf , jaegertracing/jaeger , jhump/protoreflect , k8s.io/api , k8s.io/apimachinery , k8s.io/kube-openapi , kataras/iris , kubernetes/api , kubernetes/apimachinery , kubernetes/kube-openapi , mattn/go-ieproxy , mongodb/mongo-go-driver , onsi/ginkgo , onsi/gomega , open-telemetry/opentelemetry-collector , openzipkin-contrib/zipkin-go-opentracing , openzipkin/zipkin-go , prometheus/alertmanager , prometheus/client_golang , prometheus/common , prometheus/prometheus , rivo/tview , rsc.io/quote , rsc.io/sampler , rsc/quote , rsc/sampler , securego/gosec , spf13/afero , spf13/cobra , spf13/viper , thanos-io/thanos , xdg-go/stringprep , zx2c4/wireguard-go
Affected packages:: github.com/prometheus/prometheus @ 1.8.2-0.20210430082741-2a4b8e12bbf2 (+198 more)

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

Release info

Copy page link

Open as a page

Advisory

CLSA-2025:1748945064

Operating system

CentOS 8.4 ELS

Published date

Nov 16, 2014

Project

Linux

Version

2.11.0-1~ubuntu16.04.1+tuxcare.els12

How to fix

Update command:

apt-get update
apt-get --only-upgrade install ansible*

Changelog

Insufficiently Random Passwords Leakage
Debian/patches/CVE-2020-10729.patch: Fix caching of Jinja2 expressions to prevent caching dynamic results
CVE-2020-10729

Updated packages

ansible_2.5.1+dfsg-1ubuntu0.1+tuxcare.els6_all.deb

CVE-2022-32149

Severity

Details

Overview

About vulnerability

Details

Statement

Subscribe to updates

Unsubscribe

Contact us

Message Delivered!