In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

CPENameOperatorVersion
go/golang.org/x/netlt0.0.0-20220906165146-f3363e06e74c

CPE	Name	Operator	Version
	go/golang.org/x/net	lt	0.0.0-20220906165146-f3363e06e74c

References

github.com/advisories/GHSA-69cg-p879-7622

go.dev/cl/428735

go.dev/issue/54658

groups.google.com/g/golang-announce

groups.google.com/g/golang-announce/c/x49AQzIVX-s

lists.fedoraproject.org/archives/list/[email protected]/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/

lists.fedoraproject.org/archives/list/[email protected]/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/

nvd.nist.gov/vuln/detail/CVE-2022-27664

pkg.go.dev/vuln/GO-2022-0969

security.gentoo.org/glsa/202209-26

security.netapp.com/advisory/ntap-20220923-0004/

nessus 72

redhat 23

cgr 1

almalinux 11

openvas 14

ibm 23

osv 16

prion 1

ubuntucve 1

gitlab 1

amazon 3

alpinelinux 1

oraclelinux 9

github 1

nvd 1

cvelist 1

cbl_mariner 4

redhatcve 1

veracode 1

debiancve 1

wolfi 1

cve 1

suse 2

altlinux 1

fedora 2

freebsd 1

gentoo 1

photon 2

mageia 1

rocky 1

nessus

AlmaLinux 9 : grafana-pcp (ALSA-2023:2177)

2023-05-14 00:00:00

CentOS 8 : grafana-pcp (CESA-2023:2785)

2023-05-16 00:00:00

CentOS 9 : grafana-pcp-5.1.1-1.el9

2024-02-29 00:00:00

redhat

(RHSA-2023:2785) Moderate: grafana-pcp security update

2023-05-16 05:54:37

(RHSA-2023:2177) Moderate: grafana-pcp security and enhancement update

2023-05-09 05:02:19

(RHSA-2023:4674) Moderate: OpenShift Container Platform 4.12.30 packages and security update

2023-08-23 16:37:39

cgr

CVE-2022-27664 vulnerabilities

2024-05-19 03:07:16

almalinux

Moderate: grafana-pcp security and enhancement update

2023-05-09 00:00:00

Moderate: grafana-pcp security update

2023-05-16 00:00:00

Moderate: butane security, bug fix, and enhancement update

2023-05-09 00:00:00

openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-2847)

2022-12-22 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:3325-1)

2022-09-22 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-2822)

2022-12-22 00:00:00

ibm

Security Bulletin: Vulnerability in Golang Go affects IBM Event Streams (CVE-2022-27664)

2022-12-05 16:43:32

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service due to [CVE-2022-27664]

2023-01-27 10:21:16

Security Bulletin: Golang Go vulnerability

2023-04-17 18:03:21

osv

Denial of service in net/http and golang.org/x/net/http2

2022-09-12 20:23:06

golang.org/x/net/http2 Denial of Service vulnerability

2022-09-07 00:01:51

Moderate: grafana-pcp security and enhancement update

2023-05-09 00:00:00

prion

Code injection

2022-09-06 18:15:00

ubuntucve

CVE-2022-27664

2022-09-06 00:00:00

gitlab

golang.org/x/net/http2 Denial of Service vulnerability

2022-09-07 00:00:00

amazon

Medium: golang

2022-09-30 07:04:00

Important: amazon-ssm-agent

2023-08-30 18:41:00

Important: amazon-ssm-agent

2023-08-31 22:30:00

alpinelinux

CVE-2022-27664

2022-09-06 18:15:12

oraclelinux

grafana-pcp security update

2023-05-24 00:00:00

grafana-pcp security and enhancement update

2023-05-15 00:00:00

grafana security update

2023-05-24 00:00:00

github

golang.org/x/net/http2 Denial of Service vulnerability

2022-09-07 00:01:51

nvd

CVE-2022-27664

2022-09-06 18:15:12

cvelist

CVE-2022-27664

2022-09-06 17:29:08

cbl_mariner

CVE-2022-27664 affecting package golang 1.17.13-2

2024-07-01 09:08:31

CVE-2022-27664 affecting package kured for versions less than 1.13.2-1

2023-11-15 20:12:47

CVE-2022-27664 affecting package golang for versions less than 1.18.8-1

2024-02-25 03:00:06

redhatcve

CVE-2022-27664

2022-09-08 00:18:20

veracode

Denial Of Service (DoS)

2022-09-07 08:33:55

debiancve

CVE-2022-27664

2022-09-06 18:15:12

wolfi

CVE-2022-27664 vulnerabilities

2024-07-01 09:08:36

cve

CVE-2022-27664

2022-09-06 18:15:12

suse

Security update for go1.18 (important)

2022-09-21 00:00:00

Security update for go1.19 (important)

2022-09-21 00:00:00

altlinux

Security fix for the ALT Linux 10 package golang version 1.18.6-alt1

2022-09-14 00:00:00

fedora

[SECURITY] Fedora 37 Update: golang-1.19.1-1.fc37

2022-09-16 00:17:41

[SECURITY] Fedora 36 Update: golang-1.18.6-1.fc36

2022-09-13 01:30:19

freebsd

go -- multiple vulnerabilities

2022-09-06 00:00:00

gentoo

Go: Multiple Vulnerabilities

2022-09-29 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0519

2022-09-20 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0455

2022-09-20 00:00:00

mageia

Updated golang packages fix security vulnerability

2022-10-05 08:23:49

rocky

git-lfs security and bug fix update

2022-10-25 07:32:51

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.002 Low

EPSS

Percentile

62.2%

JSON

Related for GITLAB-20A1692160688442228E71FE7AD791BE