Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-27664HistorySep 06, 2022 - 6:15 p.m.
CVE-2022-27664
2022-09-0618:15:00
Debian Security Bug Tracker
security-tracker.debian.org
55
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
60.5%
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | all | golang-1.11 | <= 1.11.6-1+deb10u4 | golang-1.11_1.11.6-1+deb10u4_all.deb |
| Debian | 11 | all | golang-1.15 | <= 1.15.15-1~deb11u4 | golang-1.15_1.15.15-1~deb11u4_all.deb |
| Debian | 12 | all | golang-1.19 | < 1.19.1-1 | golang-1.19_1.19.1-1_all.deb |
| Debian | 12 | all | golang-golang-x-net | < 1:0.0+git20221012.0b7e1fb+dfsg-1 | golang-golang-x-net_1:0.0+git20221012.0b7e1fb+dfsg-1_all.deb |
| Debian | 11 | all | golang-golang-x-net | <= 1:0.0+git20210119.5f4716e+dfsg-4 | golang-golang-x-net_1:0.0+git20210119.5f4716e+dfsg-4_all.deb |
| Debian | 999 | all | golang-golang-x-net | < 1:0.0+git20221012.0b7e1fb+dfsg-1 | golang-golang-x-net_1:0.0+git20221012.0b7e1fb+dfsg-1_all.deb |
| Debian | 13 | all | golang-golang-x-net | < 1:0.0+git20221012.0b7e1fb+dfsg-1 | golang-golang-x-net_1:0.0+git20221012.0b7e1fb+dfsg-1_all.deb |
| Debian | 10 | all | golang-golang-x-net-dev | <= 1:0.0+git20181201.351d144+dfsg-3 | golang-golang-x-net-dev_1:0.0+git20181201.351d144+dfsg-3_all.deb |
Related
nessus
nessus
Amazon Linux 2 : golang (ALAS-2022-1851)
2022-10-11 00:00:00
EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-2847)
2022-12-21 00:00:00
RHEL 9 : grafana-pcp (RHSA-2023:2177)
2023-05-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-09-07 08:33:55
ibm
ibm
Security Bulletin: A vulnerability in Golang Go may affect IBM Robotic Process Automation for Cloud Pak and result in a denial of service (CVE-2022-27664)
2023-01-04 21:04:34
almalinux
almalinux
Moderate: grafana-pcp security update
2023-05-16 00:00:00
Moderate: grafana-pcp security and enhancement update
2023-05-09 00:00:00
Moderate: butane security, bug fix, and enhancement update
2023-05-09 00:00:00
cve
cve
CVE-2022-27664
2022-09-06 18:15:00
redhatcve
redhatcve
CVE-2022-27664
2022-09-08 00:18:20
cbl_mariner
cbl_mariner
CVE-2022-27664 affecting package kured 1.9.1-15
2023-11-15 20:12:47
CVE-2022-27664 affecting package golang 1.17.13-2
2024-04-25 09:08:10
CVE-2022-27664 affecting package golang for versions less than 1.18.8-1
2024-02-25 03:00:06
wolfi
wolfi
CVE-2022-27664 vulnerabilities
2024-04-25 09:06:43
oraclelinux
oraclelinux
grafana-pcp security update
2023-05-24 00:00:00
grafana-pcp security and enhancement update
2023-05-15 00:00:00
grafana security update
2023-05-24 00:00:00
redhat
redhat
(RHSA-2023:2785) Moderate: grafana-pcp security update
2023-05-16 05:54:37
(RHSA-2023:2177) Moderate: grafana-pcp security and enhancement update
2023-05-09 05:02:19
github
github
golang.org/x/net/http2 Denial of Service vulnerability
2022-09-07 00:01:51
prion
prion
Code injection
2022-09-06 18:15:00
gitlab
gitlab
golang.org/x/net/http2 Denial of Service vulnerability
2022-09-07 00:00:00
golang.org/x/net/http2 Denial of Service vulnerability
2022-09-07 00:00:00
ubuntucve
ubuntucve
CVE-2022-27664
2022-09-06 00:00:00
osv
osv
Denial of service in net/http and golang.org/x/net/http2
2022-09-12 20:23:06
golang.org/x/net/http2 Denial of Service vulnerability
2022-09-07 00:01:51
BIT-golang-2022-27664
2024-03-06 11:01:48
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-2847)
2022-12-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3325-1)
2022-09-22 00:00:00
openSUSE: Security Advisory for go1.18 (SUSE-SU-2022:3325-1)
2022-09-22 00:00:00
cgr
cgr
CVE-2022-27664 vulnerabilities
2024-04-25 09:06:10
alpinelinux
alpinelinux
CVE-2022-27664
2022-09-06 18:15:00
amazon
amazon
Medium: golang
2022-09-30 07:04:00
Important: amazon-ssm-agent
2023-08-30 18:41:00
Important: amazon-ssm-agent
2023-08-31 22:30:00
suse
suse
Security update for go1.18 (important)
2022-09-21 00:00:00
Security update for go1.19 (important)
2022-09-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.18.6-alt1
2022-09-14 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2022-09-06 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: golang-1.18.6-1.fc36
2022-09-13 01:30:19
[SECURITY] Fedora 37 Update: golang-1.19.1-1.fc37
2022-09-16 00:17:41
photon
photon
Important Photon OS Security Update - PHSA-2022-0519
2022-09-20 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0455
2022-09-20 00:00:00
gentoo
gentoo
Go: Multiple Vulnerabilities
2022-09-29 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2022-10-05 08:23:49
rocky
rocky
git-lfs security and bug fix update
2022-10-25 07:32:51
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
60.5%
Related for DEBIANCVE:CVE-2022-27664