CVE-2022-27664 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-27664

CVE-2022-27664

September 06, 2022

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

Related Resources (15)

https://groups.google.com/g/golang-announce/c/x49AQzIVX-s

https://groups.google.com/g/golang-announce

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF

https://go.dev/cl/428735

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/

https://pkg.go.dev/vuln/GO-2022-0969

https://security.netapp.com/advisory/ntap-20220923-0004

https://cs.opensource.google/go/x/net

https://access.redhat.com/security/cve/CVE-2022-27664

https://security.gentoo.org/glsa/202209-26

https://nvd.nist.gov/vuln/detail/CVE-2022-27664

https://security.netapp.com/advisory/ntap-20220923-0004/

https://go.dev/issue/54658

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX

Do you need more information?

CVSS v4

Base Score:

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

EPSS

Base Score:

0.09