CVE-2022-27664

Public on 2022-09-06

Modified on 2024-04-08

Description

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

Severity

Medium

CVSS v3 Base Score

7.5

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 1	amazon-ssm-agent	2023-08-30	ALAS-2023-1825	Fixed
Amazon Linux 2 - Core	amazon-ssm-agent	2023-08-31	ALAS2-2023-2238	Fixed
Amazon Linux 2023	amazon-ssm-agent	2023-08-31	ALAS2023-2023-339	Fixed
Amazon Linux 2 - Docker Extra	containerd	2022-10-03	ALAS2DOCKER-2022-021	Fixed
Amazon Linux 2 - Ecs Extra	containerd	2023-11-09	ALAS2ECS-2023-022	Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra	containerd	2023-11-09	ALAS2NITRO-ENCLAVES-2023-034	Fixed
Amazon Linux 2 - Docker Extra	docker	2022-10-03	ALAS2DOCKER-2022-021	Fixed
Amazon Linux 2 - Core	go-rpm-macros	2022-10-17	ALAS2-2022-1863	Fixed
Amazon Linux 1	golang	2022-09-15	ALAS-2022-1635	Fixed
Amazon Linux 2 - Core	golang	2022-09-30	ALAS2-2022-1851	Fixed
Amazon Linux 2 - Golang1.19 Extra	golang	2023-08-07	ALAS2GOLANG1.19-2023-002	Fixed
Amazon Linux 2023	golang	2023-02-17	ALAS2023-2023-048	Fixed
Amazon Linux 2 - Core	golang-github-godbus-dbus	2022-10-17	ALAS2-2022-1858	Fixed
Amazon Linux 2 - Core	golang-github-gorilla-context	2022-10-17	ALAS2-2022-1859	Fixed
Amazon Linux 2 - Core	golang-github-gorilla-mux	2022-10-17	ALAS2-2022-1860	Fixed
Amazon Linux 2 - Core	golang-github-kr-pty	2022-10-17	ALAS2-2022-1864	Fixed
Amazon Linux 2 - Core	golang-github-syndtr-gocapability	2022-10-17	ALAS2-2022-1865	Fixed
Amazon Linux 2 - Core	golang-googlecode-net	2022-10-17	ALAS2-2022-1861	Fixed
Amazon Linux 2 - Core	golang-googlecode-sqlite	2022-10-17	ALAS2-2022-1862	Fixed

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD	CVSSv3	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Red Hat: CVE-2022-27664 Mitre: CVE-2022-27664