In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

CPENameOperatorVersion
go/golang.org/x/net/http2lt0.0.0-20220906165146-f3363e06e74c

CPE	Name	Operator	Version
	go/golang.org/x/net/http2	lt	0.0.0-20220906165146-f3363e06e74c

References

github.com/advisories/GHSA-69cg-p879-7622

groups.google.com/g/golang-announce

groups.google.com/g/golang-announce/c/x49AQzIVX-s

lists.fedoraproject.org/archives/list/[email protected]/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/

lists.fedoraproject.org/archives/list/[email protected]/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/

nvd.nist.gov/vuln/detail/CVE-2022-27664

pkg.go.dev/vuln/GO-2022-0969

security.gentoo.org/glsa/202209-26

security.netapp.com/advisory/ntap-20220923-0004/

redhat 23

nessus 73

oraclelinux 9

ibm 23

github 1

nvd 1

cvelist 1

cbl_mariner 4

osv 15

openvas 14

alpinelinux 1

amazon 3

debiancve 1

redhatcve 1

almalinux 11

veracode 1

cve 1

wolfi 1

gitlab 1

prion 1

cgr 1

ubuntucve 1

altlinux 1

suse 2

fedora 2

freebsd 1

photon 2

gentoo 1

mageia 1

rocky 1

redhat

(RHSA-2023:4734) Moderate: OpenShift Container Platform 4.13.10 security update

2023-08-30 19:30:07

(RHSA-2023:2177) Moderate: grafana-pcp security and enhancement update

2023-05-09 05:02:19

(RHSA-2023:4674) Moderate: OpenShift Container Platform 4.12.30 packages and security update

2023-08-23 16:37:39

nessus

Oracle Linux 9 : grafana-pcp (ELSA-2023-2177)

2023-05-15 00:00:00

EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-2822)

2022-12-21 00:00:00

RHEL 8 : grafana-pcp (RHSA-2023:2785)

2023-05-16 00:00:00

oraclelinux

grafana-pcp security update

2023-05-24 00:00:00

grafana-pcp security and enhancement update

2023-05-15 00:00:00

grafana security update

2023-05-24 00:00:00

ibm

Security Bulletin: Open Source Dependency Vulnerability

2023-05-15 16:46:13

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Golang Go (CVE-2022-27664)

2023-02-01 15:47:21

Security Bulletin: IBM Workload Scheduler potentially affected by vulnerability CVE-2022-27664

2023-01-24 15:43:39

github

golang.org/x/net/http2 Denial of Service vulnerability

2022-09-07 00:01:51

nvd

CVE-2022-27664

2022-09-06 18:15:12

cvelist

CVE-2022-27664

2022-09-06 17:29:08

cbl_mariner

CVE-2022-27664 affecting package golang 1.17.13-2

2024-06-29 03:09:33

CVE-2022-27664 affecting package kured for versions less than 1.13.2-1

2023-11-15 20:12:47

CVE-2022-27664 affecting package golang for versions less than 1.18.8-1

2024-02-25 03:00:06

osv

golang.org/x/net/http2 Denial of Service vulnerability

2022-09-07 00:01:51

Denial of service in net/http and golang.org/x/net/http2

2022-09-12 20:23:06

BIT-golang-2022-27664

2024-03-06 11:01:48

openvas

SUSE: Security Advisory (SUSE-SU-2022:3325-1)

2022-09-22 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-2847)

2022-12-22 00:00:00

openSUSE: Security Advisory for go1.18 (SUSE-SU-2022:3325-1)

2022-09-22 00:00:00

alpinelinux

CVE-2022-27664

2022-09-06 18:15:12

amazon

Medium: golang

2022-09-30 07:04:00

Important: amazon-ssm-agent

2023-08-30 18:41:00

Important: amazon-ssm-agent

2023-08-31 22:30:00

debiancve

CVE-2022-27664

2022-09-06 18:15:12

redhatcve

CVE-2022-27664

2022-09-08 00:18:20

almalinux

Moderate: grafana-pcp security update

2023-05-16 00:00:00

Moderate: grafana-pcp security and enhancement update

2023-05-09 00:00:00

Moderate: butane security, bug fix, and enhancement update

2023-05-09 00:00:00

veracode

Denial Of Service (DoS)

2022-09-07 08:33:55

cve

CVE-2022-27664

2022-09-06 18:15:12

wolfi

CVE-2022-27664 vulnerabilities

2024-06-29 03:08:33

gitlab

golang.org/x/net/http2 Denial of Service vulnerability

2022-09-07 00:00:00

prion

Code injection

2022-09-06 18:15:00

cgr

CVE-2022-27664 vulnerabilities

2024-05-19 03:07:16

ubuntucve

CVE-2022-27664

2022-09-06 00:00:00

altlinux

Security fix for the ALT Linux 10 package golang version 1.18.6-alt1

2022-09-14 00:00:00

suse

Security update for go1.18 (important)

2022-09-21 00:00:00

Security update for go1.19 (important)

2022-09-21 00:00:00

fedora

[SECURITY] Fedora 36 Update: golang-1.18.6-1.fc36

2022-09-13 01:30:19

[SECURITY] Fedora 37 Update: golang-1.19.1-1.fc37

2022-09-16 00:17:41

freebsd

go -- multiple vulnerabilities

2022-09-06 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0519

2022-09-20 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0455

2022-09-20 00:00:00

gentoo

Go: Multiple Vulnerabilities

2022-09-29 00:00:00

mageia

Updated golang packages fix security vulnerability

2022-10-05 08:23:49

rocky

git-lfs security and bug fix update

2022-10-25 07:32:51

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.002 Low

EPSS

Percentile

62.2%

JSON

Related for GITLAB-856A3D83B80945B8096BF22AD35F38A1