CVE-2022-27664

CVE Details

CVE-2022-27664

Last Update

11/7/24

NIST CVE Summary

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
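The version range in the NIST summary can be checked against the Go toolchain version recorded in a compiled binary. The following is an added example, not code from this advisory or from the products it covers; the function name `affected` is hypothetical, and the check looks only at the toolchain version embedded in the binary.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// affected reports whether a toolchain string such as "go1.18.5" falls in the
// range from the NIST summary: before 1.18.6, or 1.19.x before 1.19.1.
func affected(goVersion string) (bool, error) {
	bad := fmt.Errorf("unrecognised Go version %q", goVersion)
	fields := strings.Fields(goVersion) // drops suffixes like " X:boringcrypto"
	if len(fields) == 0 || !strings.HasPrefix(fields[0], "go1.") {
		return false, bad
	}
	minorStr, patchStr, _ := strings.Cut(strings.TrimPrefix(fields[0], "go1."), ".")
	notDigit := func(r rune) bool { return r < '0' || r > '9' }
	if i := strings.IndexFunc(minorStr, notDigit); i >= 0 {
		minorStr, patchStr = minorStr[:i], "-1" // "19rc2": pre-release of 1.19.0
	} else if patchStr == "" {
		patchStr = "0" // "go1.19" is 1.19.0
	}
	minor, err1 := strconv.Atoi(minorStr)
	patch, err2 := strconv.Atoi(patchStr)
	if err1 != nil || err2 != nil {
		return false, bad
	}
	return minor < 18 || (minor == 18 && patch < 6) || (minor == 19 && patch < 1), nil
}

func main() {
	for _, path := range os.Args[1:] { // paths to compiled Go binaries
		info, err := buildinfo.ReadFile(path)
		if err != nil {
			fmt.Fprintln(os.Stderr, path, err)
			continue
		}
		hit, err := affected(info.GoVersion)
		fmt.Println(path, info.GoVersion, "affected:", hit, err)
	}
}
```

Run it with the paths of binaries extracted from a container image as arguments; each line of output gives the embedded toolchain version and whether it falls in the affected range.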

Our Official Summary

This denial of service is limited to the Golang runtime. For our products, this would be restricted to a few snapshots related to third-party containers. There are multiple layers of guardrails (resource constraints imposed at the container and cluster levels), so a malicious user would have to keep submitting attacks for there to be any enduring impact. Attackers would also need privileged access to clusters running the container, as these containers are not exposed beyond the cluster boundary. These containers are part of an optional feature and are not enabled by default.

CVE Severity

7.5

Status

Ongoing

Affected Products & Versions

  • Palette Enterprise 4.5.3, 4.5.8
  • Palette VerteX 4.5.3, 4.5.8

Revision History

  • 1.0 10/14/2024 Initial Publication
  • 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
  • 3.0 11/7/2024 Added Palette Enterprise & Palette VerteX 4.5.8 to Affected Products