Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

CPENameOperatorVersion
golt1.17.12
goge1.18.0
golt1.18.4

Name	Operator	Version
go	lt	1.17.12
go	ge	1.18.0
go	lt	1.18.4

References

go.dev/cl/409874

go.dev/cl/410714

go.dev/issue/53188

go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f

groups.google.com/g/golang-announce/c/nqrv9fbR0zE

pkg.go.dev/vuln/GO-2022-0525

cve 1

cvelist 1

ubuntucve 1

alpinelinux 1

osv 22

nvd 1

ibm 14

debiancve 1

redhatcve 1

veracode 1

cbl_mariner 2

nessus 74

redhat 27

almalinux 12

rocky 9

oraclelinux 11

openvas 8

altlinux 2

mageia 1

freebsd 1

suse 2

photon 2

amazon 3

fedora 1

cve

CVE-2022-1705

2022-08-10 20:15:25

cvelist

CVE-2022-1705 Improper sanitization of Transfer-Encoding headers in net/http

2022-08-09 20:16:57

ubuntucve

CVE-2022-1705

2022-08-10 00:00:00

alpinelinux

CVE-2022-1705

2022-08-10 20:15:25

osv

BIT-golang-2022-1705

2024-03-06 11:03:10

Improper sanitization of Transfer-Encoding headers in net/http

2022-07-25 17:34:18

CVE-2022-1705

2022-08-10 20:15:25

nvd

CVE-2022-1705

2022-08-10 20:15:25

ibm

Security Bulletin: Operations Dashboard is vulnerable to request smuggling due to Golang Go vulnerability CVE-2022-1705

2022-09-22 10:10:07

Security Bulletin: IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to HTTP request smuggling due to CVE-2022-1705

2022-11-04 17:30:05

Security Bulletin: Watson CP4D Data Stores is vulnerable to Golang Go is vulnerable to HTTP request smuggling(CVE-2022-1705)

2023-06-30 18:31:54

debiancve

CVE-2022-1705

2022-08-10 20:15:25

redhatcve

CVE-2022-1705

2022-07-15 10:32:19

veracode

Request Smuggling

2022-07-25 04:55:56

cbl_mariner

CVE-2022-1705 affecting package golang 1.18.3-1

2022-09-17 05:56:44

CVE-2022-1705 affecting package golang for versions less than 1.18.5-1

2022-09-16 06:05:39

nessus

RHEL 9 : butane (Unpatched Vulnerability)

2024-06-03 00:00:00

RHEL 8 : butane (Unpatched Vulnerability)

2024-06-03 00:00:00

RHEL 8 : OpenShift Container Platform 4.11.17 packages and (RHSA-2022:8626)

2023-01-23 00:00:00

redhat

(RHSA-2022:6187) Important: Node Health Check Operator 0.3.1 security update

2022-08-25 10:07:30

(RHSA-2022:8098) Moderate: toolbox security and bug fix update

2022-11-15 06:15:31

(RHSA-2022:8626) Moderate: OpenShift Container Platform 4.11.17 packages and security update

2022-11-28 20:39:41

almalinux

Moderate: toolbox security and bug fix update

2022-11-15 00:00:00

Moderate: grafana-pcp security update

2022-11-15 00:00:00

Moderate: grafana-pcp security update

2022-11-08 00:00:00

rocky

toolbox security and bug fix update

2022-11-15 06:15:31

grafana-pcp security update

2022-11-15 06:19:30

grafana-pcp security update

2022-11-08 06:25:29

oraclelinux

grafana-pcp security update

2022-11-15 00:00:00

grafana-pcp security update

2022-11-22 00:00:00

go-toolset:ol8 security and bug fix update

2022-08-03 00:00:00

openvas

Mageia: Security Advisory (MGASA-2022-0262)

2022-07-18 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:2671-1)

2022-08-05 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:2672-1)

2022-08-05 00:00:00

altlinux

Security fix for the ALT Linux 10 package golang version 1.18.4-alt1

2022-07-28 00:00:00

Security fix for the ALT Linux 10 package golang version 1.17.12-alt1.p10

2022-07-29 00:00:00

mageia

Updated golang packages fix security vulnerability

2022-07-16 22:58:20

freebsd

go -- multiple vulnerabilities

2022-07-12 00:00:00

suse

Security update for go1.17 (important)

2022-08-04 00:00:00

Security update for go1.18 (important)

2022-08-04 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0242

2022-09-07 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0242

2022-09-07 00:00:00

amazon

Important: golist

2022-09-15 04:46:00

Important: go-rpm-macros

2022-10-17 21:46:00

Important: golang-googlecode-net

2022-10-17 21:46:00

fedora

[SECURITY] Fedora 35 Update: fzf-0.29.0-2.fc35

2022-08-17 01:36:21

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.6%

JSON

Related for PRION:CVE-2022-1705