Lucene search
Veracode Vulnerability DatabaseVERACODE:36463HistoryJul 25, 2022 - 4:55 a.m.
Request Smuggling
2022-07-2504:55:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
vulnerability
request smuggling
go
software
EPSS
0.002
Percentile
54.5%
go is vulnerable to Request Smuggling. The vulnerability exists because of accepting some invalid transfer-encoding header in t *transferReader function in transfer.go will allow the attacker to smuggle HTTP requests if combined with an intermediate server that also improperly fails to reject the header as invalid.
References
go.dev/cl/409874
go.dev/cl/410714
go.dev/issue/53188
go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f
groups.google.com/g/golang-announce/c/nqrv9fbR0zE
lists.fedoraproject.org/archives/list/[email protected]/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
pkg.go.dev/vuln/GO-2022-0525
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.16/community.yaml
Related
cve
cve
CVE-2022-1705
2022-08-10 20:15:25
cvelist
cvelist
CVE-2022-1705 Improper sanitization of Transfer-Encoding headers in net/http
2022-08-09 20:16:57
cbl_mariner
cbl_mariner
CVE-2022-1705 affecting package golang 1.18.3-1
2022-09-17 05:56:44
CVE-2022-1705 affecting package golang for versions less than 1.18.5-1
2022-09-16 06:05:39
prion
prion
Design/Logic Flaw
2022-08-10 20:15:00
ibm
ibm
osv
osv
Improper sanitization of Transfer-Encoding headers in net/http
2022-07-25 17:34:18
BIT-golang-2022-1705
2024-03-06 11:03:10
CVE-2022-1705
2022-08-10 20:15:25
alpinelinux
alpinelinux
CVE-2022-1705
2022-08-10 20:15:25
ubuntucve
ubuntucve
CVE-2022-1705
2022-08-10 00:00:00
nvd
nvd
CVE-2022-1705
2022-08-10 20:15:25
debiancve
debiancve
CVE-2022-1705
2022-08-10 20:15:25
redhatcve
redhatcve
CVE-2022-1705
2022-07-15 10:32:19
nessus
nessus
RHEL 8 : butane (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 9 : butane (Unpatched Vulnerability)
2024-06-03 00:00:00
AlmaLinux 9 : toolbox (ALSA-2022:8098)
2022-11-19 00:00:00
redhat
redhat
almalinux
almalinux
Moderate: toolbox security and bug fix update
2022-11-15 00:00:00
Moderate: grafana-pcp security update
2022-11-08 00:00:00
Moderate: grafana-pcp security update
2022-11-15 00:00:00
rocky
rocky
toolbox security and bug fix update
2022-11-15 06:15:31
grafana-pcp security update
2022-11-15 06:19:30
grafana-pcp security update
2022-11-08 06:25:29
oraclelinux
oraclelinux
grafana-pcp security update
2022-11-15 00:00:00
grafana-pcp security update
2022-11-22 00:00:00
go-toolset:ol8 security and bug fix update
2022-08-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.18.4-alt1
2022-07-28 00:00:00
Security fix for the ALT Linux 10 package golang version 1.17.12-alt1.p10
2022-07-29 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0262)
2022-07-18 00:00:00
openSUSE: Security Advisory for go1.17 (SUSE-SU-2022:2671-1)
2022-08-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2672-1)
2022-08-05 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2022-07-12 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2022-07-16 22:58:20
suse
suse
Security update for go1.17 (important)
2022-08-04 00:00:00
Security update for go1.18 (important)
2022-08-04 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0242
2022-09-07 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0242
2022-09-07 00:00:00