CVE-2022-1705
Published on: Not Yet Published
Last Modified on: 06/08/2023 09:09:41 PM UTC
Certain versions of Fedora from Fedoraproject contain the following vulnerability:
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
- CVE-2022-1705 has been assigned by secu[email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software:
Go standard library - net/http version < 1.17.12
- Affected Vendor/Software:
Go standard library - net/http version < 1.18.4
CVSS3 Score: 6.5 - MEDIUM
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | LOW | LOW | NONE |
CVE References
Description | Tags | Link |
---|---|---|
No Description Provided | go.dev text/html |
net/http: improper sanitization of Transfer-Encoding header · Issue #53188 · golang/go · GitHub | go.dev text/html |
[security] Go 1.18.4 and Go 1.17.12 are released | groups.google.com text/html |
e5017a93fcde94f09836200bca55324af037ee5f - go - Git at Google | go.googlesource.com text/html |
GO-2022-0525 - Go Packages | pkg.go.dev text/html |
[SECURITY] Fedora 35 Update: fzf-0.29.0-2.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org text/html |
No Description Provided | go.dev text/html |
Related QID Numbers
- 160009 Oracle Enterprise Linux Security Update for go-toolset and golang (ELSA-2022-5799)
- 160017 Oracle Enterprise Linux Security Update for go-toolset:ol8 (ELSA-2022-5775)
- 160173 Oracle Enterprise Linux Security Update for git-lfs (ELSA-2022-7129)
- 160202 Oracle Enterprise Linux Security Update for ol8addon (ELSA-2022-23681)
- 160237 Oracle Enterprise Linux Security Update for container-tools:3.0 (ELSA-2022-7529)
- 160238 Oracle Enterprise Linux Security Update for grafana (ELSA-2022-7519)
- 160241 Oracle Enterprise Linux Security Update for grafana-pcp (ELSA-2022-7648)
- 160278 Oracle Enterprise Linux Security Update for grafana (ELSA-2022-8057)
- 160306 Oracle Enterprise Linux Security Update for grafana-pcp (ELSA-2022-8250)
- 160322 Oracle Enterprise Linux Security Update for ol8addon (ELSA-2022-24267)
- 160582 Oracle Enterprise Linux Security Update for git-lfs (ELSA-2023-2357)
- 160678 Oracle Enterprise Linux Security Update for container-tools:ol8 (ELSA-2023-2758)
- 160696 Oracle Enterprise Linux Security Update for container-tools:4.0 (ELSA-2023-2802)
- 184486 Debian Security Update for golang-1.19 (CVE-2022-1705)
- 199304 Ubuntu Security Notification for Go Vulnerabilities (USN-6038-1)
- 240580 Red Hat Update for go-toolset:rhel8 (RHSA-2022:5775)
- 240639 Red Hat Update for go-toolset and golang (RHSA-2022:5799)
- 240773 Red Hat Update for git-lfs (RHSA-2022:7129)
- 240821 Red Hat Update for container-tools:3.0 (RHSA-2022:7529)
- 240839 Red Hat Update for grafana-pcp (RHSA-2022:7648)
- 240850 Red Hat Update for grafana security (RHSA-2022:7519)
- 240889 Red Hat Update for toolbox (RHSA-2022:8098)
- 240902 Red Hat Update for grafana security (RHSA-2022:8057)
- 240903 Red Hat Update for grafana-pcp (RHSA-2022:8250)
- 240949 Red Hat OpenShift Container Platform 4.11 Security Update (RHSA-2022:8626)
- 241268 Red Hat Update for multiple OpenStack Platforms (RHSA-2023:1275)
- 241467 Red Hat Update for git-lfs (RHSA-2023:2357)
- 241486 Red Hat Update for container-tools:4.0 (RHSA-2023:2802)
- 241505 Red Hat Update for container-tools:rhel8 security (RHSA-2023:2758)
- 283049 Fedora Security Update for fzf (FEDORA-2022-30c5ed5625)
- 354064 Amazon Linux Security Advisory for golist : ALAS2-2022-1847
- 354067 Amazon Linux Security Advisory for golang : ALAS2-2022-1846
- 354069 Amazon Linux Security Advisory for golang : ALAS-2022-1635
- 354083 Amazon Linux Security Advisory for runc : ALAS2DOCKER-2022-020
- 354088 Amazon Linux Security Advisory for golang-github-syndtr-gocapability : ALAS2-2022-1865
- 354089 Amazon Linux Security Advisory for golang-googlecode-sqlite : ALAS2-2022-1862
- 354090 Amazon Linux Security Advisory for golang-github-kr-pty : ALAS2-2022-1864
- 354091 Amazon Linux Security Advisory for go-rpm-macros : ALAS2-2022-1863
- 354092 Amazon Linux Security Advisory for golang-googlecode-net : ALAS2-2022-1861
- 354093 Amazon Linux Security Advisory for golang-github-gorilla-mux : ALAS2-2022-1860
- 354094 Amazon Linux Security Advisory for golang-github-gorilla-context : ALAS2-2022-1859
- 354096 Amazon Linux Security Advisory for golang-github-godbus-dbus : ALAS2-2022-1858
- 354297 Amazon Linux Security Advisory for golang : ALAS2022-2022-128
- 354370 Amazon Linux Security Advisory for golang-github-cpuguy83-md2man : ALAS2022-2022-140
- 354493 Amazon Linux Security Advisory for golist : ALAS2022-2022-133
- 354504 Amazon Linux Security Advisory for golist : ALAS2022-2022-192
- 354527 Amazon Linux Security Advisory for golang : ALAS2022-2022-193
- 354566 Amazon Linux Security Advisory for golang : ALAS-2022-193
- 355111 Amazon Linux Security Advisory for golist : ALAS2023-2023-046
- 355186 Amazon Linux Security Advisory for golang-github-cpuguy83-md2man : ALAS2023-2023-047
- 355212 Amazon Linux Security Advisory for golang : ALAS2023-2023-048
- 356304 Amazon Linux Security Advisory for golang : ALASGOLANG1.19-2023-002
- 376985 Alibaba Cloud Linux Security Update for go-toolset:rhel8 (ALINUX3-SA-2022:0152)
- 377746 Alibaba Cloud Linux Security Update for git-lfs (ALINUX3-SA-2022:0180)
- 378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
- 378883 Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)
- 502459 Alpine Linux Security Update for go
- 502857 Alpine Linux Security Update for go
- 672294 EulerOS Security Update for golang (EulerOS-SA-2022-2651)
- 672302 EulerOS Security Update for golang (EulerOS-SA-2022-2683)
- 690898 Free Berkeley Software Distribution (FreeBSD) Security Update for go (a4f2416c-02a0-11ed-b817-10c37b4ac2ea)
- 710584 Gentoo Linux Go Multiple Vulnerabilities (GLSA 202208-02)
- 752444 SUSE Enterprise Linux Security Update for go1.17 (SUSE-SU-2022:2671-1)
- 753134 SUSE Enterprise Linux Security Update for go1.18 (SUSE-SU-2022:2672-1)
- 754047 SUSE Enterprise Linux Security Update for go1.18-openssl (SUSE-SU-2023:2312-1)
- 770168 Red Hat OpenShift Container Platform 4.11 Security Update (RHSA-2022:8626)
- 902723 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10511)
- 902742 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10529)
- 903962 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10529-1)
- 903985 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10511-1)
- 940609 AlmaLinux Security Update for go-toolset:rhel8 (ALSA-2022:5775)
- 940627 AlmaLinux Security Update for go-toolset and golang (ALSA-2022:5799)
- 940722 AlmaLinux Security Update for git-lfs (ALSA-2022:7129)
- 940744 AlmaLinux Security Update for grafana-pcp (ALSA-2022:7648)
- 940770 AlmaLinux Security Update for grafana (ALSA-2022:7519)
- 940773 AlmaLinux Security Update for container-tools:3.0 (ALSA-2022:7529)
- 940805 AlmaLinux Security Update for grafana-pcp (ALSA-2022:8250)
- 940816 AlmaLinux Security Update for toolbox (ALSA-2022:8098)
- 940826 AlmaLinux Security Update for grafana (ALSA-2022:8057)
- 941053 AlmaLinux Security Update for git-lfs (ALSA-2023:2357)
- 941090 AlmaLinux Security Update for container-tools:4.0 (ALSA-2023:2802)
- 941116 AlmaLinux Security Update for container-tools:rhel8 (ALSA-2023:2758)
- 960463 Rocky Linux Security Update for go-toolset:rhel8 (RLSA-2022:5775)
- 960528 Rocky Linux Security Update for grafana (RLSA-2022:8057)
- 960541 Rocky Linux Security Update for grafana-pcp (RLSA-2022:8250)
- 960563 Rocky Linux Security Update for grafana-pcp (RLSA-2022:7648)
- 960593 Rocky Linux Security Update for toolbox (RLSA-2022:8098)
- 960603 Rocky Linux Security Update for container-tools:3.0 (RLSA-2022:7529)
- 960612 Rocky Linux Security Update for go-toolset and golang (RLSA-2022:5799)
Exploit/POC from Github
This repository contains a collection of data files on known Common Vulnerabilities and Exposures (CVEs). Each file i…
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Fedoraproject | Fedora | 35 | All | All | All |
Application | Golang | Go | All | All | All | All |
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*:
- cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
| Security update: CVE-2022-1705, CVE-2022-32148, CVE-2022-30631, CVE-2022-30633, CVE-2022-28131, CVE-2022-30635, CVE-… twitter.com/i/web/status/1… | 2022-07-14 22:08:45 |
| CVE-2022-1705 : Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.1… twitter.com/i/web/status/1… | 2022-08-10 20:21:39 |
| I found a cryptocurrency miner in my home-assistant container | 2023-08-25 09:48:49 |