CVE-2022-27664 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 26%

Affected Products (NVD)

Vendor	Product	Version
golang	go	𝑥 < 1.18.6
golang	go	1.19.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

golang-1.15

bullseye	vulnerable
buster	postponed

golang-1.19

bookworm	1.19.8-2 fixed
bullseye	no-dsa
buster	postponed

golang-golang-x-net

bookworm	1:0.7.0+dfsg-1 fixed
bullseye	no-dsa
buster	postponed
sid	1:0.27.0-1 fixed
trixie	1:0.27.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

containerd

bionic	not-affected
focal	not-affected
jammy	not-affected
lunar	ignored
mantic	not-affected
noble	not-affected
trusty	ignored
xenial	not-affected

golang

bionic	dne
focal	dne
jammy	dne
trusty	ignored
xenial	ignored

golang-1.10

bionic	needed
focal	dne
jammy	dne
trusty	needed
xenial	needed

golang-1.13

bionic	Fixed 1.13.8-1ubuntu1~18.04.4+esm1 released
focal	Fixed 1.13.8-1ubuntu1.2 released
jammy	Fixed 1.13.8-1ubuntu2.22.04.2 released
kinetic	ignored
lunar	dne
mantic	dne
noble	dne
trusty	ignored
xenial	Fixed 1.13.8-1ubuntu1~16.04.3+esm3 released

golang-1.14

bionic	dne
focal	needed
jammy	dne
trusty	ignored
xenial	ignored

golang-1.16

bionic	Fixed 1.16.2-0ubuntu1~18.04.2+esm1 released
focal	Fixed 1.16.2-0ubuntu1~20.04.1 released
jammy	dne
trusty	ignored
xenial	ignored

golang-1.17

bionic	dne
focal	dne
jammy	needed
trusty	ignored
xenial	ignored

golang-1.18

bionic	Fixed 1.18.1-1ubuntu1~18.04.4 released
focal	Fixed 1.18.1-1ubuntu1~20.04.2 released
jammy	Fixed 1.18.1-1ubuntu1.1 released
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	ignored
xenial	Fixed 1.18.1-1ubuntu1~16.04.4 released

golang-1.6

bionic	dne
focal	dne
jammy	dne
trusty	ignored
xenial	needed

golang-1.8

bionic	needed
focal	dne
jammy	dne
trusty	ignored
xenial	ignored

golang-1.9

bionic	needed
focal	dne
jammy	dne
trusty	ignored
xenial	ignored

golang-golang-x-net

bionic	dne
focal	dne
jammy	needed
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	dne
xenial	dne

golang-golang-x-net-dev

bionic	needs-triage
focal	needs-triage
jammy	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	needs-triage

google-guest-agent

bionic	needs-triage
focal	Fixed 20231004.02-0ubuntu1~20.04.3 released
jammy	Fixed 20231004.02-0ubuntu1~22.04.3 released
lunar	ignored
mantic	Fixed 20230426.00-0ubuntu2 released
noble	Fixed 20230426.00-0ubuntu2 released
trusty	dne
xenial	needs-triage

openSUSE / SLES Releases

openSUSE Product

Release

bind

suse enterprise server 15 SP1	9.16.6-150000.12.65.1 fixed
suse enterprise server 15 SP2	9.16.6-150000.12.65.1 fixed

bind-chrootenv

suse enterprise server 15 SP1	9.16.6-150000.12.65.1 fixed
suse enterprise server 15 SP2	9.16.6-150000.12.65.1 fixed

bind-devel

suse enterprise server 15 SP1	9.16.6-150000.12.65.1 fixed
suse enterprise server 15 SP2	9.16.6-150000.12.65.1 fixed

bind-doc

suse enterprise server 15 SP1	9.16.6-150000.12.65.1 fixed
suse enterprise server 15 SP2	9.16.6-150000.12.65.1 fixed

bind-utils

suse enterprise server 15 SP1	9.16.6-150000.12.65.1 fixed
suse enterprise server 15 SP2	9.16.6-150000.12.65.1 fixed

golang-github-prometheus-node_exporter

suse enterprise server 15 SP1	1.5.0-150100.3.23.2 fixed
suse enterprise server 15 SP2	1.5.0-150100.3.23.2 fixed
suse enterprise server 15 SP3	1.5.0-150100.3.23.2 fixed
suse enterprise server 15 SP4	1.5.0-150100.3.23.2 fixed

libbind9-1600

suse enterprise server 15 SP1	9.16.6-150000.12.65.1 fixed
suse enterprise server 15 SP2	9.16.6-150000.12.65.1 fixed

libdns1605

suse enterprise server 15 SP1	9.16.6-150000.12.65.1 fixed
suse enterprise server 15 SP2	9.16.6-150000.12.65.1 fixed

libirs-devel

suse enterprise server 15 SP1	9.16.6-150000.12.65.1 fixed
suse enterprise server 15 SP2	9.16.6-150000.12.65.1 fixed

libirs1601

suse enterprise server 15 SP1	9.16.6-150000.12.65.1 fixed
suse enterprise server 15 SP2	9.16.6-150000.12.65.1 fixed

libisc1606

suse enterprise server 15 SP1	9.16.6-150000.12.65.1 fixed
suse enterprise server 15 SP2	9.16.6-150000.12.65.1 fixed

libisccc1600

suse enterprise server 15 SP1	9.16.6-150000.12.65.1 fixed
suse enterprise server 15 SP2	9.16.6-150000.12.65.1 fixed

libisccfg1600

suse enterprise server 15 SP1	9.16.6-150000.12.65.1 fixed
suse enterprise server 15 SP2	9.16.6-150000.12.65.1 fixed

libns1604

suse enterprise server 15 SP1	9.16.6-150000.12.65.1 fixed
suse enterprise server 15 SP2	9.16.6-150000.12.65.1 fixed

python3-bind

suse enterprise server 15 SP1	9.16.6-150000.12.65.1 fixed
suse enterprise server 15 SP2	9.16.6-150000.12.65.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

butane

RHEL 9

0:0.16.0-1.el9

fixed

git-lfs

RHEL 9

0:3.2.0-1.el9

fixed

golang

RHEL 9

0:1.18.9-1.el9_1

fixed

golang-bin

RHEL 9

0:1.18.9-1.el9_1

fixed

golang-docs

RHEL 9

0:1.18.9-1.el9_1

fixed

golang-misc

RHEL 9

0:1.18.9-1.el9_1

fixed

golang-race

RHEL 9

0:1.18.9-1.el9_1

fixed

golang-src

RHEL 9

0:1.18.9-1.el9_1

fixed

golang-tests

RHEL 9

0:1.18.9-1.el9_1

fixed

grafana

RHEL 9

0:9.0.9-2.el9

fixed

grafana-pcp

RHEL 9

0:5.1.1-1.el9

fixed

osbuild-composer

RHEL 8	0:75-1.el8 fixed
RHEL 9	0:76-2.el9_2 fixed

osbuild-composer-core

RHEL 8	0:75-1.el8 fixed
RHEL 9	0:76-2.el9_2 fixed

osbuild-composer-dnf-json

RHEL 8	0:75-1.el8 fixed
RHEL 9	0:76-2.el9_2 fixed

osbuild-composer-worker

RHEL 8	0:75-1.el8 fixed
RHEL 9	0:76-2.el9_2 fixed

toolbox

RHEL 9

0:0.0.99.3-9.el9

fixed

toolbox-tests

RHEL 9

0:0.0.99.3-9.el9

fixed

weldr-client

RHEL 8	0:35.9-2.el8 fixed
RHEL 9	0:35.9-1.el9 fixed

References

https://groups.google.com/g/golang-announce

https://groups.google.com/g/golang-announce/c/x49AQzIVX-s

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/

https://security.gentoo.org/glsa/202209-26

https://security.netapp.com/advisory/ntap-20220923-0004/

https://groups.google.com/g/golang-announce

https://groups.google.com/g/golang-announce/c/x49AQzIVX-s

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/

https://security.gentoo.org/glsa/202209-26

https://security.netapp.com/advisory/ntap-20220923-0004/