CVE-2020-15586: Race Condition in Cf-deployment

CWE-362: Race Condition | 11 documents | 8 sources
Severity
5.9 MEDIUM (NVD)
EPSS
0.6%
top 30.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 17
Latest update: May 24

Description

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (4 packages)

NVD golang/go 1.14.0 1.14.5 +1
NVD opensuse/leap 15.1, 15.2 +1

Also affects: Debian Linux 10.0, 9.0, Fedora 31, 32

Patches

🔴 Vulnerability Details (4)

GHSA
GHSA-9rmg-8r3f-xrq7: Go before 1 (2022-05-24)
OSV
Data race and crash in net/http (2022-02-17)
CVEList
CVE-2020-15586: Go before 1 (2020-07-17)
OSV
CVE-2020-15586: Go before 1 (2020-07-17)

📋 Vendor Advisories (3)

Red Hat
golang: data race in certain net/http servers including ReverseProxy can lead to DoS (2020-07-14)
Microsoft
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers as demonstrated by the httputil.ReverseProxy Handler because it reads a request body and writes a response at the sa (2020-07-14)
Debian
CVE-2020-15586: golang-1.15 - Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http serv... (2020)

💬 Community (3)

Bugzilla
CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS [fedora-all] (2020-07-14)
Bugzilla
CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS [epel-all] (2020-07-14)
Bugzilla
CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS (2020-07-14)