{"id":"GO-2022-0969","summary":"Denial of service in net/http and golang.org/x/net/http2","details":"HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of service.","aliases":["BIT-golang-2022-27664","CVE-2022-27664","GHSA-69cg-p879-7622"],"modified":"2026-02-04T02:41:02.475503Z","published":"2022-09-12T20:23:06Z","related":["CGA-7ff8-rp83-p2c7"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2022-0969"},"references":[{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"},{"type":"REPORT","url":"https://go.dev/issue/54658"},{"type":"FIX","url":"https://go.dev/cl/428735"}],"affected":[{"package":{"name":"stdlib","ecosystem":"Go","purl":"pkg:golang/stdlib"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.18.6"},{"introduced":"1.19.0-0"},{"fixed":"1.19.1"}]}],"ecosystem_specific":{"imports":[{"path":"net/http","symbols":["ListenAndServe","ListenAndServeTLS","Serve","ServeTLS","Server.ListenAndServe","Server.ListenAndServeTLS","Server.Serve","Server.ServeTLS","http2Server.ServeConn","http2serverConn.goAway"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2022-0969.json"}},{"package":{"name":"golang.org/x/net","ecosystem":"Go","purl":"pkg:golang/golang.org/x/net"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.0-20220906165146-f3363e06e74c"}]}],"ecosystem_specific":{"imports":[{"path":"golang.org/x/net/http2","symbols":["Server.ServeConn","serverConn.goAway"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2022-0969.json"}}],"schema_version":"1.7.3","credits":[{"name":"Bahruz Jabiyev"},{"name":"Tommaso Innocenti"},{"name":"Anthony Gavazzi"},{"name":"Steven Sprecher"},{"name":"Kaan Onarlioglu"}]}