blob: 7a1de40bb54ef55eb9dc3cd7a939d4410dfda86c [file] [log] [blame]
[{"id":"STD","affected":[{"package":{"name":"stdlib"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.18.0"}]}],"ecosystem_specific":{"imports":[{"path":"archive/zip","symbols":["OpenReader"]}]}}]},{"id":"GO-2022-0969","published":"2022-09-12T20:23:06Z","modified":"2022-09-12T20:23:06Z","aliases":["CVE-2022-27664"],"details":"HTTP/2 server connections can hang forever waiting for a clean shutdown\nthat was preempted by a fatal error. This condition can be exploited\nby a malicious client to cause a denial of service.\n","affected":[{"package":{"name":"stdlib","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.18.6"},{"introduced":"1.19.0"},{"fixed":"1.19.1"}]}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0969"},"ecosystem_specific":{"imports":[{"path":"net/http","symbols":["ListenAndServe","ListenAndServeTLS","Serve","ServeTLS","Server.ListenAndServe","Server.ListenAndServeTLS","Server.Serve","Server.ServeTLS","http2Server.ServeConn","http2serverConn.goAway"]}]}},{"package":{"name":"golang.org/x/net","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.0-20220906165146-f3363e06e74c"}]}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0969"},"ecosystem_specific":{"imports":[{"path":"golang.org/x/net/http2","symbols":["Server.ServeConn","serverConn.goAway"]}]}}],"references":[{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"},{"type":"REPORT","url":"https://go.dev/issue/54658"},{"type":"FIX","url":"https://go.dev/cl/428735"}]}]