Lucene search

K
cveMitreCVE-2022-27664
HistorySep 06, 2022 - 6:15 p.m.

CVE-2022-27664

2022-09-0618:15:12
mitre
web.nvd.nist.gov
357
9
cve-2022
http/2
denial of service
go
security vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.002

Percentile

62.1%

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

Affected configurations

Nvd
Node
golanggoRange<1.18.6
OR
golanggoMatch1.19.0
Node
fedoraprojectfedoraMatch36
OR
fedoraprojectfedoraMatch37
VendorProductVersionCPE
golanggo*cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
golanggo1.19.0cpe:2.3:a:golang:go:1.19.0:*:*:*:*:*:*:*
fedoraprojectfedora36cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
fedoraprojectfedora37cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Social References

More

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.002

Percentile

62.1%