cbcvebase.
CVE-2022-27664
published 2022-09-06

CVE-2022-27664: In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if…

high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

Affected

27 ranges· showing 25
VendorProductVersion rangeFixed in
canonicallxd>= 0 < 2.0.11-0ubuntu1~16.04.4+esm22.0.11-0ubuntu1~16.04.4+esm2
canonicallxd>= 0 < 3.0.3-0ubuntu1~18.04.2+esm23.0.3-0ubuntu1~18.04.2+esm2
debiangolang-1.15< golang-1.19 1.19.1-1 (bookworm)golang-1.19 1.19.1-1 (bookworm)
debiangolang-1.19< golang-1.19 1.19.1-1 (bookworm)golang-1.19 1.19.1-1 (bookworm)
debiangolang-golang-x-net< golang-1.19 1.19.1-1 (bookworm)golang-1.19 1.19.1-1 (bookworm)
fedoraprojectfedora
fedoraprojectfedora
golang.orgx_net>= 0 < 0.0.0-20220906165146-f3363e06e74c0.0.0-20220906165146-f3363e06e74c
golang.orgx_net_http2>= 0 < 0.0.0-20220906165146-f3363e06e74c0.0.0-20220906165146-f3363e06e74c
golanggo< 1.18.61.18.6
golanggo
msrcazl3_gcc_13.2.0-7_on_azure_linux_3.0
msrcazl3_golang_1.18.8-1_on_azure_linux_3.0
msrcazl3_golang_1.23.7-1_on_azure_linux_3.0
msrcazl3_golang_1.23.9-1_on_azure_linux_3.0
msrcazl3_golang_1.24.3-1_on_azure_linux_3.0
msrcazl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0
msrcazl3_tensorflow_2.16.1-9_on_azure_linux_3.0
msrccbl2_golang_1.17.13-2_on_cbl_mariner_2.0
msrccbl2_golang_1.18.8-1_on_cbl_mariner_2.0
msrccbl2_golang_1.21.6-1_on_cbl_mariner_2.0
msrccbl2_kured_1.13.2-1_on_cbl_mariner_2.0
msrccbl2_python-tensorboard_2.11.0-3_on_cbl_mariner_2.0
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH