CVE-2022-27664

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
golanggo
𝑥
< 1.18.6
golanggo
1.19.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
golang-1.15
bullseye
vulnerable
buster
postponed
golang-1.19
bookworm
1.19.8-2
fixed
bullseye
no-dsa
buster
postponed
golang-golang-x-net
bookworm
1:0.7.0+dfsg-1
fixed
bullseye
no-dsa
buster
postponed
sid
1:0.27.0-1
fixed
trixie
1:0.27.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
containerd
bionic
not-affected
focal
not-affected
jammy
not-affected
lunar
ignored
mantic
not-affected
noble
not-affected
trusty
ignored
xenial
not-affected
golang
bionic
dne
focal
dne
jammy
dne
trusty
ignored
xenial
ignored
golang-1.10
bionic
needed
focal
dne
jammy
dne
trusty
needed
xenial
needed
golang-1.13
bionic
Fixed 1.13.8-1ubuntu1~18.04.4+esm1
released
focal
Fixed 1.13.8-1ubuntu1.2
released
jammy
Fixed 1.13.8-1ubuntu2.22.04.2
released
kinetic
ignored
lunar
dne
mantic
dne
noble
dne
trusty
ignored
xenial
Fixed 1.13.8-1ubuntu1~16.04.3+esm3
released
golang-1.14
bionic
dne
focal
needed
jammy
dne
trusty
ignored
xenial
ignored
golang-1.16
bionic
Fixed 1.16.2-0ubuntu1~18.04.2+esm1
released
focal
Fixed 1.16.2-0ubuntu1~20.04.1
released
jammy
dne
trusty
ignored
xenial
ignored
golang-1.17
bionic
dne
focal
dne
jammy
needed
trusty
ignored
xenial
ignored
golang-1.18
bionic
Fixed 1.18.1-1ubuntu1~18.04.4
released
focal
Fixed 1.18.1-1ubuntu1~20.04.2
released
jammy
Fixed 1.18.1-1ubuntu1.1
released
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
ignored
xenial
Fixed 1.18.1-1ubuntu1~16.04.4
released
golang-1.6
bionic
dne
focal
dne
jammy
dne
trusty
ignored
xenial
needed
golang-1.8
bionic
needed
focal
dne
jammy
dne
trusty
ignored
xenial
ignored
golang-1.9
bionic
needed
focal
dne
jammy
dne
trusty
ignored
xenial
ignored
golang-golang-x-net
bionic
dne
focal
dne
jammy
needed
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
dne
xenial
dne
golang-golang-x-net-dev
bionic
needs-triage
focal
needs-triage
jammy
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
needs-triage
google-guest-agent
bionic
needs-triage
focal
Fixed 20231004.02-0ubuntu1~20.04.3
released
jammy
Fixed 20231004.02-0ubuntu1~22.04.3
released
lunar
ignored
mantic
Fixed 20230426.00-0ubuntu2
released
noble
Fixed 20230426.00-0ubuntu2
released
trusty
dne
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
bind
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
bind-chrootenv
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
bind-devel
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
bind-doc
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
bind-utils
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
golang-github-prometheus-node_exporter
suse enterprise server 15 SP1
1.5.0-150100.3.23.2
fixed
suse enterprise server 15 SP2
1.5.0-150100.3.23.2
fixed
suse enterprise server 15 SP3
1.5.0-150100.3.23.2
fixed
suse enterprise server 15 SP4
1.5.0-150100.3.23.2
fixed
libbind9-1600
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
libdns1605
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
libirs-devel
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
libirs1601
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
libisc1606
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
libisccc1600
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
libisccfg1600
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
libns1604
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
python3-bind
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
butane
RHEL 9
0:0.16.0-1.el9
fixed
git-lfs
RHEL 9
0:3.2.0-1.el9
fixed
golang
RHEL 9
0:1.18.9-1.el9_1
fixed
golang-bin
RHEL 9
0:1.18.9-1.el9_1
fixed
golang-docs
RHEL 9
0:1.18.9-1.el9_1
fixed
golang-misc
RHEL 9
0:1.18.9-1.el9_1
fixed
golang-race
RHEL 9
0:1.18.9-1.el9_1
fixed
golang-src
RHEL 9
0:1.18.9-1.el9_1
fixed
golang-tests
RHEL 9
0:1.18.9-1.el9_1
fixed
grafana
RHEL 9
0:9.0.9-2.el9
fixed
grafana-pcp
RHEL 9
0:5.1.1-1.el9
fixed
osbuild-composer
RHEL 8
0:75-1.el8
fixed
RHEL 9
0:76-2.el9_2
fixed
osbuild-composer-core
RHEL 8
0:75-1.el8
fixed
RHEL 9
0:76-2.el9_2
fixed
osbuild-composer-dnf-json
RHEL 8
0:75-1.el8
fixed
RHEL 9
0:76-2.el9_2
fixed
osbuild-composer-worker
RHEL 8
0:75-1.el8
fixed
RHEL 9
0:76-2.el9_2
fixed
toolbox
RHEL 9
0:0.0.99.3-9.el9
fixed
toolbox-tests
RHEL 9
0:0.0.99.3-9.el9
fixed
weldr-client
RHEL 8
0:35.9-2.el8
fixed
RHEL 9
0:35.9-1.el9
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
amazon-ssm-agent
Amazon Linux 1
0:3.2.1377.0-1.amzn1
fixed
Amazon Linux 2
0:3.2.1377.0-1.amzn2
fixed
Amazon Linux 2023
0:3.2.1705.0-1.amzn2023
fixed
amazon-ssm-agent-debuginfo
Amazon Linux 1
0:3.2.1377.0-1.amzn1
fixed
Amazon Linux 2
0:3.2.1377.0-1.amzn2
fixed
Amazon Linux 2023
0:3.2.1705.0-1.amzn2023
fixed
amazon-ssm-agent-debugsource
Amazon Linux 2023
0:3.2.1705.0-1.amzn2023
fixed
go-filesystem
Amazon Linux 2
0:3.0.15-23.amzn2.0.2
fixed
go-rpm-macros
Amazon Linux 2
0:3.0.15-23.amzn2.0.2
fixed
go-rpm-templates
Amazon Linux 2
0:3.0.15-23.amzn2.0.2
fixed
go-srpm-macros
Amazon Linux 2
0:3.0.15-23.amzn2.0.2
fixed
golang
Amazon Linux 1
0:1.18.6-1.42.amzn1
fixed
Amazon Linux 2
0:1.18.6-1.amzn2
fixed
Amazon Linux 2023
0:1.19.3-2.amzn2023.0.2
fixed
golang-bin
Amazon Linux 1
0:1.18.6-1.42.amzn1
fixed
Amazon Linux 2
0:1.18.6-1.amzn2
fixed
Amazon Linux 2023
0:1.19.3-2.amzn2023.0.2
fixed
golang-docs
Amazon Linux 1
0:1.18.6-1.42.amzn1
fixed
Amazon Linux 2
0:1.18.6-1.amzn2
fixed
Amazon Linux 2023
0:1.19.3-2.amzn2023.0.2
fixed
golang-github-godbus-dbus-devel
Amazon Linux 2
0:0-0.1.gitcb98efb.amzn2.0.2
fixed
golang-github-gorilla-context-devel
Amazon Linux 2
0:0-0.24.gitb06ed15.amzn2.0.4
fixed
golang-github-gorilla-mux-devel
Amazon Linux 2
0:0-0.16.git136d54f.amzn2.0.2
fixed
golang-github-kr-pty-devel
Amazon Linux 2
0:0-0.19.git98c7b80.amzn2.0.3
fixed
golang-github-syndtr-gocapability-devel
Amazon Linux 2
0:0-0.5.git3454319.amzn2.0.3
fixed
golang-googlecode-net-devel
Amazon Linux 2
0:0-0.12.hg84a4013f96e0.amzn2.0.2
fixed
golang-googlecode-sqlite-devel
Amazon Linux 2
0:0-0.9.hg74691fb6f837.amzn2.0.4
fixed
golang-misc
Amazon Linux 1
0:1.18.6-1.42.amzn1
fixed
Amazon Linux 2
0:1.18.6-1.amzn2
fixed
Amazon Linux 2023
0:1.19.3-2.amzn2023.0.2
fixed
golang-race
Amazon Linux 1
0:1.18.6-1.42.amzn1
fixed
Amazon Linux 2
0:1.18.6-1.amzn2
fixed
Amazon Linux 2023
0:1.19.3-2.amzn2023.0.2
fixed
golang-shared
Amazon Linux 1
0:1.18.6-1.42.amzn1
fixed
Amazon Linux 2
0:1.18.6-1.amzn2
fixed
Amazon Linux 2023
0:1.19.3-2.amzn2023.0.2
fixed
golang-src
Amazon Linux 1
0:1.18.6-1.42.amzn1
fixed
Amazon Linux 2
0:1.18.6-1.amzn2
fixed
Amazon Linux 2023
0:1.19.3-2.amzn2023.0.2
fixed
golang-tests
Amazon Linux 1
0:1.18.6-1.42.amzn1
fixed
Amazon Linux 2
0:1.18.6-1.amzn2
fixed
Amazon Linux 2023
0:1.19.3-2.amzn2023.0.2
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
golang
Azure Linux 3.0
0:1.18.8-1.azl3
fixed
CBL-Mariner 2.0
0:1.18.8-1.cm2
fixed
kured
CBL-Mariner 2.0
0:1.13.2-1.cm2
fixed