Wiz
Vulnerability DatabaseCVE-2022-32149

CVE-2022-32149
Terraform Community vulnerability analysis and mitigation

Overview

CVE-2022-32149 is a vulnerability discovered in the golang.org/x/text/language package that affects versions prior to 0.3.8. The vulnerability was discovered by OSS-Fuzz and reported by Adam Korczynski from ADA Logics. It was disclosed on October 11, 2022, and involves the ParseAcceptLanguage function's handling of Accept-Language headers (Golang Announce).

Technical details

The vulnerability stems from a quadratic time complexity issue in the BCP 47 tag parser's design. When processing Accept-Language headers, the ParseAcceptLanguage function can be forced to consume significant processing time when parsing complex tags. The vulnerability has been assigned a CVSS score of 7.5 (HIGH) with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NetApp Security).

Impact

When successfully exploited, this vulnerability can lead to a Denial of Service (DoS) condition. Since the parser is exposed to untrusted user input through Accept-Language headers, attackers can leverage this vulnerability to force applications to consume significant computational resources (Go Issue).

Mitigation and workarounds

The vulnerability has been fixed in golang.org/x/text version 0.3.8. Users are advised to upgrade to this version or later to address the security issue (Golang Announce).

Additional resources

SourceThis report was generated using AI

Related Terraform Community vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-61725HIGH7.5
  • cAdvisorcAdvisor
  • cluster-api-helm-controller
NoYesOct 29, 2025
CVE-2025-61723HIGH7.5
  • cAdvisorcAdvisor
  • tempo-fips
NoYesOct 29, 2025
CVE-2025-58181MEDIUM5.3
  • cAdvisorcAdvisor
  • cloud-provider-aws-fips-1.30
NoYesNov 19, 2025
CVE-2025-47914MEDIUM5.3
  • cAdvisorcAdvisor
  • kyverno-policy-reporter-fips
NoYesNov 19, 2025
CVE-2025-61724MEDIUM5.3
  • cAdvisorcAdvisor
  • direnv
NoYesOct 29, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo