Описание
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-1.19 | fixed | 1.19.1-1 | package | |
| golang-1.18 | fixed | 1.18.6-1 | package | |
| golang-1.17 | unfixed | package | ||
| golang-1.15 | removed | package | ||
| golang-1.15 | no-dsa | bullseye | package | |
| golang-1.11 | removed | package | ||
| golang-1.11 | postponed | buster | package | |
| golang-golang-x-net | fixed | 1:0.0+git20221012.0b7e1fb+dfsg-1 | package | |
| golang-golang-x-net | no-dsa | bullseye | package | |
| golang-golang-x-net-dev | removed | package | ||
| golang-golang-x-net-dev | postponed | buster | package |
Примечания
https://groups.google.com/g/golang-announce/c/x49AQzIVX-s
https://github.com/golang/go/issues/54658
https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)
https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)
https://github.com/golang/net/commit/f3363e06e74cdc304618bf31d898b78590103527 (v0.1.0)
EPSS
Связанные уязвимости
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
EPSS