{"id":"GO-2022-0969","summary":"Denial of service in net/http and golang.org/x/net/http2","details":"HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of service.","aliases":["BIT-golang-2022-27664","CVE-2022-27664","GHSA-69cg-p879-7622"],"modified":"2026-03-17T04:29:05.724244Z","published":"2022-09-12T20:23:06Z","related":["CGA-7ff8-rp83-p2c7"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0969","review_status":"REVIEWED"},"references":[{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"},{"type":"REPORT","url":"https://go.dev/issue/54658"},{"type":"FIX","url":"https://go.dev/cl/428735"}],"affected":[{"package":{"name":"stdlib","ecosystem":"Go","purl":"pkg:golang/stdlib"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.18.6"},{"introduced":"1.19.0-0"},{"fixed":"1.19.1"}]}],"ecosystem_specific":{"imports":[{"symbols":["ListenAndServe","ListenAndServeTLS","Serve","ServeTLS","Server.ListenAndServe","Server.ListenAndServeTLS","Server.Serve","Server.ServeTLS","http2Server.ServeConn","http2serverConn.goAway"],"path":"net/http"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2022-0969.json"}},{"package":{"name":"golang.org/x/net","ecosystem":"Go","purl":"pkg:golang/golang.org/x/net"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.0-20220906165146-f3363e06e74c"}]}],"ecosystem_specific":{"imports":[{"symbols":["Server.ServeConn","serverConn.goAway"],"path":"golang.org/x/net/http2"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2022-0969.json"}}],"schema_version":"1.7.5","credits":[{"name":"Bahruz Jabiyev"},{"name":"Tommaso Innocenti"},{"name":"Anthony Gavazzi"},{"name":"Steven Sprecher"},{"name":"Kaan Onarlioglu"}]}