LIN1021-4008 : Security Advisory - go - CVE-2022-27664
Created: Jul 21, 2022
Updated: Oct 27, 2022
Resolved Date: Oct 17, 2022
Found In Version: 10.21.20.1
Fix Version: 10.21.20.14
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace
Description
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
https://nvd.nist.gov/vuln/detail/CVE-2022-27664