DEBIAN-CVE-2022-1705

DEBIAN-CVE-2022-1705 PUBLISHED CVSS 6.5 MEDIUM

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:12	golang-1.19	0, 0, 0
Debian:11	golang-1.15	0, 1.15.15-1, 1.15.15-1

Timeline

Aug 10, 2022 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2022-1705 advisory

Open in Interactive Console →