High severityNVD Advisory· Published Oct 14, 2022· Updated May 15, 2025

Denial of service via crafted Accept-Language header in golang.org/x/text/language

CVE-2022-32149

Description

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Crafting a malicious Accept-Language header can cause Go's ParseAcceptLanguage to consume excessive CPU, leading to denial of service.

The vulnerability lies in the ParseAcceptLanguage function within Go's golang.org/x/text/language package. The function lacks input validation on the length of the Accept-Language header, allowing a specially crafted string to cause excessive CPU consumption during parsing[3].

An attacker can trigger this by sending an HTTP request with a crafted Accept-Language header containing a large number of subtags or repeated patterns. No authentication is required, and the attack is remote[1].

The impact is a denial of service condition, as the target server may become unresponsive due to high CPU usage while processing the malicious header[3].

A fix was committed to the golang.org/x/text repository that rejects Accept-Language headers with more than 1000 subtags[4]. The fix is included in Go 1.18.6 and Go 1.19.1. Users should upgrade to these versions or apply the patch to the x/text package[3].

References

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
golang.org/x/textGo	< 0.3.8	0.3.8

Affected products

199

osv-coords198 versions
pkg:apk/chainguard/dynamic-localpv-provisioner pkg:apk/chainguard/dynamic-localpv-provisioner-fips pkg:apk/chainguard/eks-distro-coredns-1.8 pkg:apk/chainguard/gitleaks pkg:apk/chainguard/grpcurl pkg:apk/chainguard/hey pkg:apk/chainguard/k3d pkg:apk/chainguard/k3d-proxy pkg:apk/chainguard/k3d-tools pkg:apk/chainguard/kubeflow pkg:apk/chainguard/kubeflow-access-management pkg:apk/chainguard/kubeflow-access-management-compat pkg:apk/chainguard/kubeflow-access-management-fips pkg:apk/chainguard/kubeflow-access-management-fips-compat pkg:apk/chainguard/kubeflow-admission-webhook pkg:apk/chainguard/kubeflow-admission-webhook-compat pkg:apk/chainguard/kubeflow-admission-webhook-fips pkg:apk/chainguard/kubeflow-admission-webhook-fips-compat pkg:apk/chainguard/kubeflow-fips pkg:apk/chainguard/kubeflow-notebook-controller pkg:apk/chainguard/kubeflow-notebook-controller-compat pkg:apk/chainguard/kubeflow-notebook-controller-fips pkg:apk/chainguard/kubeflow-notebook-controller-fips-compat pkg:apk/chainguard/kubeflow-profile-controller pkg:apk/chainguard/kubeflow-profile-controller-compat pkg:apk/chainguard/kubeflow-profile-controller-fips pkg:apk/chainguard/kubeflow-profile-controller-fips-compat pkg:apk/chainguard/kubeflow-pvcviewer-controller pkg:apk/chainguard/kubeflow-pvcviewer-controller-compat pkg:apk/chainguard/kubeflow-pvcviewer-controller-fips pkg:apk/chainguard/kubeflow-pvcviewer-controller-fips-compat pkg:apk/chainguard/kubeflow-tensorboard-controller pkg:apk/chainguard/kubeflow-tensorboard-controller-compat pkg:apk/chainguard/kubeflow-tensorboard-controller-fips pkg:apk/chainguard/kubeflow-tensorboard-controller-fips-compat pkg:apk/chainguard/kube-state-metrics-2.6 pkg:apk/chainguard/php-fpm_exporter pkg:apk/chainguard/prometheus-postgres-exporter-0.10 pkg:apk/chainguard/py3-seldon-core-1.16 pkg:apk/chainguard/seldon-core-operator-1.16 pkg:apk/chainguard/seldon-core-operator-compat pkg:apk/chainguard/seldon-core-operator-compat-helm pkg:apk/chainguard/seldon-core-operator-fips pkg:apk/chainguard/terraform-provider-sendgrid pkg:apk/chainguard/terraform-provider-sendgrid-fips pkg:apk/chainguard/vt-cli pkg:apk/wolfi/dynamic-localpv-provisioner pkg:apk/wolfi/gitleaks pkg:apk/wolfi/grpcurl pkg:apk/wolfi/hey pkg:apk/wolfi/k3d pkg:apk/wolfi/k3d-proxy pkg:apk/wolfi/k3d-tools pkg:apk/wolfi/kubeflow pkg:apk/wolfi/kubeflow-access-management pkg:apk/wolfi/kubeflow-access-management-compat pkg:apk/wolfi/kubeflow-admission-webhook pkg:apk/wolfi/kubeflow-admission-webhook-compat pkg:apk/wolfi/kubeflow-notebook-controller pkg:apk/wolfi/kubeflow-notebook-controller-compat pkg:apk/wolfi/kubeflow-profile-controller pkg:apk/wolfi/kubeflow-profile-controller-compat pkg:apk/wolfi/kubeflow-pvcviewer-controller pkg:apk/wolfi/kubeflow-pvcviewer-controller-compat pkg:apk/wolfi/kubeflow-tensorboard-controller pkg:apk/wolfi/kubeflow-tensorboard-controller-compat pkg:apk/wolfi/php-fpm_exporter pkg:apk/wolfi/terraform-provider-sendgrid pkg:apk/wolfi/vt-cli pkg:golang/golang.org/x/text pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/dracut-saltboot&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/dracut-saltboot&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/golang-github-lusitaniae-apache_exporter&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/golang-github-lusitaniae-apache_exporter&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/golang-github-QubitProducts-exporter_exporter&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/golang-github-QubitProducts-exporter_exporter&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/grafana&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/grafana&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/prometheus-blackbox_exporter&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/prometheus-blackbox_exporter&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/prometheus-postgres_exporter&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/prometheus-postgres_exporter&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/spacecmd&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/spacecmd&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/supportutils-plugin-susemanager-client&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/supportutils-plugin-susemanager-client&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/wire&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/wire&distro=openSUSE%20Leap%2015.5 pkg:rpm/suse/ansible&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/bind&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/bind&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205 pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205 pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205 pkg:rpm/suse/golang-github-boynux-squid_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/golang-github-boynux-squid_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.2 pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.3 pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Server%20Module%204.3 pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE:EL-9:Update:Products:ManagerTools:Update pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE:EL-9:Update:Products:ManagerTools:Update pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/golang-github-prometheus-promu&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205 pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205 pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.2 pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.3 pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Server%20Module%204.3 pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE:EL-9:Update:Products:ManagerTools:Update pkg:rpm/suse/grafana&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4 pkg:rpm/suse/grafana&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5 pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/kiwi-desc-saltboot&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205 pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205 pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.2 pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.3 pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE:EL-9:Update:Products:ManagerTools:Update pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/python-pyvmomi&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/python-pyvmomi&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/scap-security-guide&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS pkg:rpm/suse/scap-security-guide&distro=SUSE:EL-9:Update:Products:ManagerTools:Update pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS pkg:rpm/suse/spacecmd&distro=SUSE:EL-9:Update:Products:ManagerTools:Update pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/system-user-grafana&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/system-user-prometheus&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2012-BETA pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%2015-BETA pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205 pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Client%20Tools%2012 pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Client%20Tools%2015 pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Proxy%20Module%204.2 pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Proxy%20Module%204.3
< 3.4.1-r3+ 197 more
- (no CPE)range: < 3.4.1-r3
- (no CPE)range: < 3.5.0-r0
- (no CPE)range: < 1.8.7-r5
- (no CPE)range: < 8.18.2-r1
- (no CPE)range: < 1.8.7-r7
- (no CPE)range: < 0.1.4-r3
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 2.6.0-r1
- (no CPE)range: < 2.2.0-r8
- (no CPE)range: < 0
- (no CPE)range: < 1.16.0-r6
- (no CPE)range: < 1.16.0-r1
- (no CPE)range: < 1.16.0-r6
- (no CPE)range: < 1.16.0-r1
- (no CPE)range: < 1.16.0-r6
- (no CPE)range: < 1.0.1-r1
- (no CPE)range: < 1.0.1-r1
- (no CPE)range: < 1.0.0-r3
- (no CPE)range: < 3.4.1-r3
- (no CPE)range: < 8.18.2-r1
- (no CPE)range: < 1.8.7-r7
- (no CPE)range: < 0.1.4-r3
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 2.2.0-r8
- (no CPE)range: < 1.0.1-r1
- (no CPE)range: < 1.0.0-r3
- (no CPE)range: < 0.3.8
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 0.1.1681904360.84ef141-150000.1.50.1
- (no CPE)range: < 0.1.1681904360.84ef141-150000.1.50.1
- (no CPE)range: < 1.0.0-150000.1.17.2
- (no CPE)range: < 1.0.0-150000.1.17.2
- (no CPE)range: < 0.4.0-150000.1.18.3
- (no CPE)range: < 0.4.0-150000.1.18.3
- (no CPE)range: < 9.5.1-150200.3.41.3
- (no CPE)range: < 9.5.1-150200.3.41.3
- (no CPE)range: < 0.24.0-150000.1.23.3
- (no CPE)range: < 0.24.0-150000.1.23.3
- (no CPE)range: < 0.10.1-150000.1.14.3
- (no CPE)range: < 0.10.1-150000.1.14.3
- (no CPE)range: < 4.3.21-150000.3.98.1
- (no CPE)range: < 4.3.21-150000.3.98.1
- (no CPE)range: < 4.3.3-150000.3.21.2
- (no CPE)range: < 4.3.3-150000.3.21.2
- (no CPE)range: < 0.5.0-150000.1.12.3
- (no CPE)range: < 0.5.0-150000.1.12.3
- (no CPE)range: < 2.9.27-159000.3.9.1
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 0.1.1681904360.84ef141-150000.1.50.1
- (no CPE)range: < 0.1.1681904360.84ef141-159000.3.30.1
- (no CPE)range: < 0.1.1681904360.84ef141-159000.3.30.1
- (no CPE)range: < 0.1.1681904360.84ef141-150000.1.50.1
- (no CPE)range: < 1.6-4.9.2
- (no CPE)range: < 1.6-159000.4.9.1
- (no CPE)range: < 1.0.0-1.18.2
- (no CPE)range: < 1.0.0-4.12.4
- (no CPE)range: < 1.0.0-150000.1.17.2
- (no CPE)range: < 1.0.0-159000.4.12.1
- (no CPE)range: < 1.0.0-1.8.1
- (no CPE)range: < 1.0.0-150000.1.17.2
- (no CPE)range: < 1.0.0-150000.1.17.2
- (no CPE)range: < 1.0.0-150000.1.17.2
- (no CPE)range: < 1.0.0-150000.1.17.2
- (no CPE)range: < 1.0.0-1.8.1
- (no CPE)range: < 0.23.0-1.21.2
- (no CPE)range: < 0.26.0-4.12.4
- (no CPE)range: < 1.5.0-1.27.2
- (no CPE)range: < 1.5.0-1.27.2
- (no CPE)range: < 1.5.0-1.27.2
- (no CPE)range: < 1.5.0-4.15.4
- (no CPE)range: < 1.5.0-1.9.2
- (no CPE)range: < 1.5.0-1.9.2
- (no CPE)range: < 2.45.0-1.47.3
- (no CPE)range: < 2.45.0-4.33.3
- (no CPE)range: < 2.45.0-150000.3.50.3
- (no CPE)range: < 2.45.0-159000.6.33.1
- (no CPE)range: < 0.14.0-4.12.2
- (no CPE)range: < 0.4.0-1.12.2
- (no CPE)range: < 0.4.0-4.6.2
- (no CPE)range: < 0.4.0-150000.1.18.3
- (no CPE)range: < 0.4.0-159000.4.6.1
- (no CPE)range: < 0.4.0-159000.4.6.1
- (no CPE)range: < 0.4.0-1.6.1
- (no CPE)range: < 0.4.0-150000.1.18.3
- (no CPE)range: < 0.4.0-150000.1.18.3
- (no CPE)range: < 0.4.0-150000.1.18.3
- (no CPE)range: < 0.4.0-150000.1.18.3
- (no CPE)range: < 0.4.0-150000.1.18.3
- (no CPE)range: < 0.4.0-1.6.1
- (no CPE)range: < 9.5.1-150200.3.41.3
- (no CPE)range: < 9.5.1-150200.3.41.3
- (no CPE)range: < 9.5.1-1.48.1
- (no CPE)range: < 9.5.8-4.21.2
- (no CPE)range: < 9.5.1-150000.1.48.5
- (no CPE)range: < 9.5.8-159000.4.24.1
- (no CPE)range: < 0.1.1687520761.cefb248-4.15.2
- (no CPE)range: < 4.3.7-1.41.1
- (no CPE)range: < 4.3.7-150000.1.41.1
- (no CPE)range: < 5.0.1-4.21.4
- (no CPE)range: < 5.0.1-159000.4.21.1
- (no CPE)range: < 0.24.0-1.23.2
- (no CPE)range: < 0.24.0-3.6.3
- (no CPE)range: < 0.24.0-150000.1.23.3
- (no CPE)range: < 0.24.0-159000.3.6.1
- (no CPE)range: < 0.24.0-159000.3.6.1
- (no CPE)range: < 0.24.0-150000.1.23.3
- (no CPE)range: < 0.24.0-150000.1.23.3
- (no CPE)range: < 0.24.0-150000.1.23.3
- (no CPE)range: < 0.10.1-1.14.3
- (no CPE)range: < 0.10.1-3.6.4
- (no CPE)range: < 0.10.1-150000.1.14.3
- (no CPE)range: < 0.10.1-159000.3.6.1
- (no CPE)range: < 0.10.1-1.9.2
- (no CPE)range: < 0.10.1-150000.1.14.3
- (no CPE)range: < 0.10.1-1.9.2
- (no CPE)range: < 2.3.5-15.12.2
- (no CPE)range: < 2.3.5-159000.5.13.1
- (no CPE)range: < 6.7.3-150000.1.6.2
- (no CPE)range: < 6.7.3-159000.3.6.1
- (no CPE)range: < 5.0.1-24.30.3
- (no CPE)range: < 5.0.1-159000.6.30.1
- (no CPE)range: < 0.1.69-1.12.2
- (no CPE)range: < 0.1.69-1.12.2
- (no CPE)range: < 4.3.21-38.121.1
- (no CPE)range: < 5.0.1-41.42.3
- (no CPE)range: < 4.3.21-150000.3.98.1
- (no CPE)range: < 5.0.1-159000.6.42.1
- (no CPE)range: < 4.3.23-1.18.2
- (no CPE)range: < 4.3.23-1.18.2
- (no CPE)range: < 5.0.1-159000.6.48.1
- (no CPE)range: < 1.2.2-9.9.2
- (no CPE)range: < 1.2.2-159000.5.9.1
- (no CPE)range: < 4.3.3-6.27.2
- (no CPE)range: < 5.0.1-9.15.2
- (no CPE)range: < 4.3.3-150000.3.21.2
- (no CPE)range: < 5.0.1-159000.6.15.1
- (no CPE)range: < 1.0.0-3.7.2
- (no CPE)range: < 1.0.0-3.7.2
- (no CPE)range: < 4.3.8-1.33.1
- (no CPE)range: < 5.0.1-3.33.3
- (no CPE)range: < 4.3.8-150000.1.33.1
- (no CPE)range: < 5.0.1-159000.3.33.1
- (no CPE)range: < 5.0.1-159000.3.9.1
- (no CPE)range: < 5.0.1-159000.3.9.1
- (no CPE)range: < 1.0.14-30.42.1
- (no CPE)range: < 1.0.14-150000.3.35.1
- (no CPE)range: < 1.0.14-150000.3.35.1
- (no CPE)range: < 1.0.14-150000.3.35.1
Golang.org/x/text/Golang.org/x/text/languagev5
Range: 0

Patches

434eadcdbc3b

language: reject excessively large Accept-Language strings

https://github.com/golang/textRoland ShoemakerSep 2, 2022via ghsa

commit

2 files changed · +18 −0

language/parse.go+5 −0 modified

@@ -147,6 +147,7 @@ func update(b *language.Builder, part ...interface{}) (err error) {
 }
 
 var errInvalidWeight = errors.New("ParseAcceptLanguage: invalid weight")
+var errTagListTooLarge = errors.New("tag list exceeds max length")
 
 // ParseAcceptLanguage parses the contents of an Accept-Language header as
 // defined in http://www.ietf.org/rfc/rfc2616.txt and returns a list of Tags and
@@ -164,6 +165,10 @@ func ParseAcceptLanguage(s string) (tag []Tag, q []float32, err error) {
 		}
 	}()
 
+	if strings.Count(s, "-") > 1000 {
+		return nil, nil, errTagListTooLarge
+	}
+
 	var entry string
 	for s != "" {
 		if entry, s = split(s, ','); entry == "" {

language/parse_test.go+13 −0 modified

@@ -394,3 +394,16 @@ func TestParseAcceptLanguage(t *testing.T) {
 		}
 	}
 }
+
+func TestParseAcceptLanguageTooBig(t *testing.T) {
+	s := strings.Repeat("en-x-a-", 333)
+	_, _, err := ParseAcceptLanguage(s)
+	if err != language.ErrSyntax {
+		t.Errorf("ParseAcceptLanguage() unexpected error: got %v, want %v", err, language.ErrSyntax)
+	}
+	s += "en-x-a"
+	_, _, err = ParseAcceptLanguage(s)
+	if err != errTagListTooLarge {
+		t.Errorf("ParseAcceptLanguage() unexpected error: got %v, want %v", err, errTagListTooLarge)
+	}
+}

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-69ch-w2m2-3vjpghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-32149ghsaADVISORY
github.com/golang/go/issues/56152ghsaWEB
github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72cghsaWEB
go.dev/cl/442235ghsaWEB
go.dev/issue/56152ghsaWEB
groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJghsaWEB
pkg.go.dev/vuln/GO-2022-1059ghsaWEB
security.netapp.com/advisory/ntap-20230203-0006ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000