Published: 14/10/2022 Updated: 18/10/2022

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. (CVE-2022-32149) A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests. (CVE-2022-41721) containerd is an open source container runtime. prior to 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images. (CVE-2023-25153) containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups. (CVE-2023-25173)

Vulnerable Product	Search on Vulmon	Subscribe to Product
golang text

Debian Bug report logs - #1021785 golang-golang-x-text: CVE-2022-32149 Package: src:golang-golang-x-text; Maintainer for src:golang-golang-x-text is Debian Go Packaging Team <team+pkg-go@trackerdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 14 Oct 2022 18:24:01 UTC Severity: important Tags: ...

Synopsis Moderate: Service Binding Operator 131 security update Type/Severity Security Advisory: Moderate Topic An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 49Red Hat Product Security has rated this update as having a secu ...

Synopsis Moderate: OpenShift Virtualization 4130 RPMs security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Virtualization release 4130 is now available with updates to packages ...

Synopsis Moderate: Migration Toolkit for Containers (MTC) 177 security and bug fix update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 177 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...

Synopsis Moderate: OpenShift Container Platform 41222 packages and security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 41222 is now available with updates to pac ...

Synopsis Moderate: Openshift Logging 5313 security and bug fix release Type/Severity Security Advisory: Moderate Topic An update is now available for OpenShift Logging 53Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed se ...

Synopsis Moderate: Logging Subsystem 554 - Red Hat OpenShift security update Type/Severity Security Advisory: Moderate Topic Logging Subsystem 554 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...

Synopsis Moderate: Submariner 0123 - security update and bug fix Type/Severity Security Advisory: Moderate Topic Submariner 0123 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 25Red Hat Product Security has rated this update as having a se ...

Synopsis Moderate: OpenShift API for Data Protection (OADP) 107 security and bug fix update Type/Severity Security Advisory: Moderate Topic OpenShift API for Data Protection (OADP) 107 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...

Synopsis Important: OpenShift Container Platform 41144 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 41144 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift ...

Synopsis Moderate: Custom Metrics Autoscaler Operator for Red Hat OpenShift (with security updates) Type/Severity Security Advisory: Moderate Topic Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updatesRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...

Synopsis Moderate: OpenShift Virtualization 4130 Images security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Virtualization release 4130 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as ha ...

Synopsis Moderate: RHSA: Submariner 0133 - security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Submariner 0133 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 26Red Hat Product Security has rated this update as hav ...

Synopsis Moderate: Logging Subsystem 548 - Red Hat OpenShift security update Type/Severity Security Advisory: Moderate Topic An update is now available for Logging subsystem for Red Hat OpenShift 54Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base scor ...

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse (CVE-2022-32149) A request smuggling attack is possible when using MaxBytesHandler When using MaxBytesHandler, the body of an HTTP request is not fully consumed When the server attempts to read HTTP2 frame ...

Description This CVE is under investigation by Red Hat Product Security ...

CWE-772 https://go.dev/cl/442235 https://go.dev/issue/56152 https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ https://pkg.go.dev/vuln/GO-2022-1059 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021785 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-035.html

Get Started

CVE-2022-32149

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect