Skip to content

x/text/language: ParseAcceptLanguage takes a long time to parse complex tags #56152

New issue
New issue
Closed
Closed
x/text/language: ParseAcceptLanguage takes a long time to parse complex tags#56152
Labels
FrozenDueToAgeNeedsFixThe path to resolution is known, but the work has not been done.Security
Milestone
 
Unreleased
@rolandshoemaker

Description

@rolandshoemaker
rolandshoemaker
opened on Oct 11, 2022

The BCP 47 tag parser has quadratic time complexity due to inherent aspects of its design. Since the parser is, by design, exposed to untrusted user input, this can be leveraged to force a program to consume significant time parsing Accept-Language headers.

This is a PRIVATE issue for CVE-2022-32149, tracked in http://b/238189978 and fixed by http://tg/1565112

/cc @golang/security

Metadata

Metadata

Assignees

No one assigned

    Labels

    FrozenDueToAgeNeedsFixThe path to resolution is known, but the work has not been done.Security

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions