Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS02OWNnLXA4NzktNzYyMs4AAuoj

golang.org/x/net/http2 Denial of Service vulnerability

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

Permalink: https://github.com/advisories/GHSA-69cg-p879-7622
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02OWNnLXA4NzktNzYyMs4AAuoj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 6 months ago

CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-69cg-p879-7622, CVE-2022-27664
References:

• https://nvd.nist.gov/vuln/detail/CVE-2022-27664
• https://groups.google.com/g/golang-announce
• https://groups.google.com/g/golang-announce/c/x49AQzIVX-s
• https://security.gentoo.org/glsa/202209-26
• https://pkg.go.dev/vuln/GO-2022-0969
• https://go.dev/cl/428735
• https://go.dev/issue/54658
• https://lists.fedoraproject.org/archives/list/[email protected]/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF
• https://lists.fedoraproject.org/archives/list/[email protected]/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX
• https://security.netapp.com/advisory/ntap-20220923-0004
• https://github.com/advisories/GHSA-69cg-p879-7622

Blast Radius: 40.8

Affected Packages