
CVE-2022-27664

Published: 06/09/2022 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

In net/http in Go prior to 1.18.6 and 1.19.x prior to 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

Vulnerable Product

golang go 1.19.0

golang go

fedoraproject fedora 36

fedoraproject fedora 37

Vendor Advisories

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server (CVE-2021-43565). A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, ...
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error ...
Synopsis: Moderate: butane security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for butane is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated th ...
Synopsis: Moderate: OpenShift Container Platform 41310 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 41310 is now available with updates to packages and ima ...
Synopsis: Moderate: git-lfs security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for git-lfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as ...
Synopsis: Moderate: OpenShift Virtualization 4130 RPMs security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Virtualization release 4130 is now available with updates to packages ...
Synopsis: Moderate: grafana-pcp security update. Type/Severity: Security Advisory: Moderate. Topic: An update for grafana-pcp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as hav ...
Synopsis: Moderate: grafana security update. Type/Severity: Security Advisory: Moderate. Topic: An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a se ...
Synopsis: Important: Red Hat OpenStack Platform (etcd) security update. Type/Severity: Security Advisory: Important. Topic: An update for etcd is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated t ...
Synopsis: Moderate: container-tools:rhel8 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linu ...
Synopsis: Moderate: Image Builder security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Re ...
Synopsis: Moderate: Migration Toolkit for Containers (MTC) 177 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: The Migration Toolkit for Containers (MTC) 177 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Moderate: OpenShift Container Platform 41310 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 41310 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Pla ...
Synopsis: Moderate: Red Hat OpenShift Service Mesh 227 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Service Mesh 227. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is ...
Synopsis: Important: Red Hat OpenShift Service Mesh Containers for 240. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Service Mesh Containers for 240. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sev ...
Synopsis: Moderate: OpenShift Container Platform 41222 packages and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 41222 is now available with updates to pac ...
Synopsis: Moderate: OpenShift Container Platform 41116 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 41116 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Pla ...
Synopsis: Moderate: OpenShift Container Platform 41117 packages and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 41117 is now available with updates to pack ...
Synopsis: Moderate: container-tools:40 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for the container-tools:40 module is now available for Red Hat Enterprise Linux 8. Red Hat Produc ...
Synopsis: Moderate: Release of OpenShift Serverless Client kn 1270. Type/Severity: Security Advisory: Moderate. Topic: Release of OpenShift Serverless Client kn 1270. Red Hat Product Security has rated this update as having a ...
Synopsis: Moderate: OpenShift Container Platform 4120 packages and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4120 is now available with updates to packag ...
Synopsis: Important: Migration Toolkit for Applications security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Migration Toolkit for Applications 610 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a deta ...
Synopsis: Important: OpenShift Container Platform 41144 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 41144 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift ...
Synopsis: Moderate: OpenShift Container Platform 41230 packages and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 41230 is now available with updates to pac ...
Synopsis: Moderate: grafana-pcp security and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for grafana-pcp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated th ...
Synopsis: Moderate: Custom Metrics Autoscaler Operator for Red Hat OpenShift (with security updates). Type/Severity: Security Advisory: Moderate. Topic: Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...
Synopsis: Moderate: OpenShift Virtualization 4130 Images security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Virtualization release 4130 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as ha ...
Synopsis: Moderate: OpenShift API for Data Protection (OADP) 111 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: OpenShift API for Data Protection (OADP) 111 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis: Moderate: RHSA: Submariner 014 - bug fix and security updates. Type/Severity: Security Advisory: Moderate. Topic: Submariner 014 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 27. Red Hat Product Security has rated this update as having a ...
Synopsis: Moderate: Release of OpenShift Serverless 1270. Type/Severity: Security Advisory: Moderate. Topic: Release of OpenShift Serverless 1270. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score. Description: Version ...
Synopsis: Important: Red Hat OpenShift Service Mesh 231 Containers security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Service Mesh 231 Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a deta ...
Synopsis: Important: Red Hat Ceph Storage 61 Container security and bug fix update. Type/Severity: Security Advisory: Important. Topic: A new container image for Red Hat Ceph Storage 61 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis: Moderate: Secondary Scheduler Operator for Red Hat OpenShift 111 security update. Type/Severity: Security Advisory: Moderate. Topic: Secondary Scheduler Operator for Red Hat OpenShift 111. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, whic ...
Synopsis: Moderate: Red Hat OpenShift (Logging Subsystem) security update. Type/Severity: Security Advisory: Moderate. Topic: An update for Logging Subsystem (560) is now available for Red Hat OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Synopsis: Moderate: Logging Subsystem 555 - Red Hat OpenShift security update. Type/Severity: Security Advisory: Moderate. Topic: Logging Subsystem 555 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...
Synopsis: Moderate: OpenShift Container Platform 4120 bug fix and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4120 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Cont ...
Synopsis: Moderate: Migration Toolkit for Containers (MTC) 176 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: The Migration Toolkit for Containers (MTC) 176 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Important: Red Hat OpenShift Data Foundation 4130 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4130 on Red Hat Enterprise Linux 9. Red Hat ...
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid (CVE-2022-1705). A flaw was found in the golang standard library, go/parser. When callin ...
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error (CVE-2022-27664). JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") r ...
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error (CVE-2022-27664) ...
An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library (stdlib) and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice (array), causing a panic when calling ImportedSymbols. An attacker can use this vulnerability ...

Github Repositories

Module supporting search and comparison of HTML using trees

Exploring HTML structure: HTML is parsed using golang.org/x/net/html, which produces a tree. The module provides basic functionality to compare HTML tags or nodes and their trees. The search of an HTML tag using a *nodeHTML type ignores pointers. It always returns the first match. By ignoring some properties, tags like <button> are easy to count. Text value of a ta