PT-2022-4659 · Go +10

Anthony Gavazzi +4 · Published 2022-09-06 · Updated 2026-04-07 · CVE-2022-27664

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Go versions prior to 1.18.6
Go versions 1.19.x prior to 1.19.1

Description

The issue is in the net/http package in Go: an HTTP/2 connection can hang during closing if shutdown is preempted by a fatal error, leading to a denial of service. This can be exploited by a malicious client. The vulnerability is also associated with a lack of input data sanitization, which can impact the confidentiality, integrity, and availability of protected information.

Recommendations

For Go versions prior to 1.18.6, update to version 1.18.6 or later to resolve the issue. For Go versions 1.19.x prior to 1.19.1, update to version 1.19.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the net/http package to minimize the risk of exploitation.

Fix

RCE


Weakness Enumeration

Related Identifiers

ALSA-2022:7129
ALSA-2023:2167
ALSA-2023:2177
ALSA-2023:2193
ALSA-2023:2204
ALSA-2023:2236
ALSA-2023:2357
ALSA-2023:2758
ALSA-2023:2780
ALSA-2023:2784
ALSA-2023:2785
ALSA-2023:2802
ALSA-2024:0121
ALT-PU-2022-2615
ALT-PU-2022-2873
ALT-PU-2022-3295
ALT-PU-2023-1205
ALT-PU-2023-4133
ALT-PU-2023-4346
ALT-PU-2023-4567
AZL-10855
AZL-31963
AZL-37328
AZL-52863
AZL-79106
BDU:2022-05544
BIT-GOLANG-2022-27664
CESA-2022_7129
CESA-2023_0446
CESA-2023_2758
CESA-2023_2780
CESA-2023_2784
CESA-2023_2785
CESA-2023_2802
CESA-2024_0121
CLEANSTART-2026-HV28992
CVE-2022-27664
GHSA-69CG-P879-7622
GO-2022-0969
MGASA-2022-0356
OESA-2022-1939
OPENSUSE-SU-2022_3325-1
OPENSUSE-SU-2022_3326-1
OPENSUSE-SU-2024:12309-1
OPENSUSE-SU-2024:12310-1
OPENSUSE-SU-2024:12600-1
OPENSUSE-SU-2024:12723-1
OPENSUSE-SU-2024:12781-1
OPENSUSE-SU-2024:12810-1
OPENSUSE-SU-2024:13239-1
OPENSUSE-SU-2024:14121-1
OPENSUSE-SU-2025:0103-1
RHSA-2022:7129
RHSA-2022:7398
RHSA-2022:8626
RHSA-2022_7129
RHSA-2023:0328
RHSA-2023:0446
RHSA-2023:0708
RHSA-2023:1275
RHSA-2023:2167
RHSA-2023:2177
RHSA-2023:2193
RHSA-2023:2204
RHSA-2023:2236
RHSA-2023:2357
RHSA-2023:2758
RHSA-2023:2780
RHSA-2023:2784
RHSA-2023:2785
RHSA-2023:2802
RHSA-2023:3204
RHSA-2023:3613
RHSA-2023:4674
RHSA-2023:4734
RHSA-2023:5009
RHSA-2023_0328
RHSA-2023_0446
RHSA-2023_2167
RHSA-2023_2177
RHSA-2023_2193
RHSA-2023_2204
RHSA-2023_2236
RHSA-2023_2357
RHSA-2023_2758
RHSA-2023_2780
RHSA-2023_2784
RHSA-2023_2785
RHSA-2023_2802
RHSA-2024:0121
RHSA-2024_0121
RLSA-2022:7129
SUSE-SU-2022:3325-1
SUSE-SU-2022:3326-1
SUSE-SU-2022_3325-1
SUSE-SU-2022_3326-1
SUSE-SU-2023:2183-1
SUSE-SU-2023:2185-1
SUSE-SU-2023:2187-1
SUSE-SU-2023:2312-1
SUSE-SU-2023:2575-1
SUSE-SU-2023:2578-1
SUSE-SU-2023:2579-1
SUSE-SU-2024:0191-1
SUSE-SU-2024:0196-1
USN-6038-1
USN-6038-2
USN-8089-1
USN-8089-2
USN-8089-3

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Go
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu