883665 – (CVE-2022-27664) [Tracker] Denial of service in Go's net/http

Bug 883665 (CVE-2022-27664) - [Tracker] Denial of service in Go's net/http

Summary: [Tracker] Denial of service in Go's net/http

Status:	CONFIRMED

Alias:	CVE-2022-27664

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:	883653 CVE-2022-32190
Blocks:
	Show dependency tree

Reported:	2022-11-29 19:25 UTC by John Helmert III
Modified:	2022-11-29 19:25 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-11-29 19:25:37 UTC

CVE-2022-27664:

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

Format For Printing
- XML
- Clone This Bug
- Clone In The Same Product
- Top of page