CVE-2022-27664

Aliases:GHSA-69cg-p879-7622BIT-golang-2022-27664GO-2022-0969

Advisory lineage Upstream: 0 Downstream: 51

Downstream

DEBIAN-CVE-2022-27664 MGASA-2022-0356 OPENSUSE-SU-2024:12309-1 OPENSUSE-SU-2024:12310-1 OPENSUSE-SU-2024:12600-1 OPENSUSE-SU-2024:12723-1

Modified

Published: 06 Sept 2022, 17:29

Last modified:03 Aug 2024, 05:32

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v3.1 (nvd)

EPSS Score

0.1% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

06 Sept 2022, 17:29

Published

Vulnerability first disclosed

03 Aug 2024, 05:32

Last Modified

Vulnerability information updated

Description

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

CVSS Metrics

v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.10%• Percentile: 27%

Affected Systems

fedoraproject•fedora
36 | 37
golang•go
< 1.18.6 | 1.19.0
golang.org/x•net
< 0.0.0-20220906165146-f3363e06e74c
golang.org/x/net•http2
< 0.0.0-20220906165146-f3363e06e74c
Go•stdlib
≥ 1.19.0-0, < 1.19.1