Unrated severityNVD Advisory· Published Aug 9, 2022· Updated Mar 6, 2026
Improper sanitization of Transfer-Encoding headers in net/http
CVE-2022-1705
Description
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
Affected products
76- osv-coords75 versionspkg:bitnami/golangpkg:rpm/almalinux/aardvark-dnspkg:rpm/almalinux/buildahpkg:rpm/almalinux/buildah-testspkg:rpm/almalinux/cockpit-podmanpkg:rpm/almalinux/conmonpkg:rpm/almalinux/containernetworking-pluginspkg:rpm/almalinux/containers-commonpkg:rpm/almalinux/container-selinuxpkg:rpm/almalinux/critpkg:rpm/almalinux/criupkg:rpm/almalinux/criu-develpkg:rpm/almalinux/criu-libspkg:rpm/almalinux/crunpkg:rpm/almalinux/delvepkg:rpm/almalinux/fuse-overlayfspkg:rpm/almalinux/git-lfspkg:rpm/almalinux/golangpkg:rpm/almalinux/golang-binpkg:rpm/almalinux/golang-docspkg:rpm/almalinux/golang-miscpkg:rpm/almalinux/golang-racepkg:rpm/almalinux/golang-srcpkg:rpm/almalinux/golang-testspkg:rpm/almalinux/go-toolsetpkg:rpm/almalinux/grafanapkg:rpm/almalinux/grafana-pcppkg:rpm/almalinux/libslirppkg:rpm/almalinux/libslirp-develpkg:rpm/almalinux/netavarkpkg:rpm/almalinux/oci-seccomp-bpf-hookpkg:rpm/almalinux/podmanpkg:rpm/almalinux/podman-catatonitpkg:rpm/almalinux/podman-dockerpkg:rpm/almalinux/podman-gvproxypkg:rpm/almalinux/podman-pluginspkg:rpm/almalinux/podman-remotepkg:rpm/almalinux/podman-testspkg:rpm/almalinux/python3-criupkg:rpm/almalinux/python3-podmanpkg:rpm/almalinux/runcpkg:rpm/almalinux/skopeopkg:rpm/almalinux/skopeo-testspkg:rpm/almalinux/slirp4netnspkg:rpm/almalinux/toolboxpkg:rpm/almalinux/toolbox-testspkg:rpm/almalinux/udicapkg:rpm/opensuse/go1.17&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.17&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.17&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.18&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.18&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.18&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.18-openssl&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.18-openssl&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/go1.17&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/go1.17&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/go1.17&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/go1.17&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/go1.18&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/go1.18&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/go1.18-openssl&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/go1.18-openssl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
< 1.17.12+ 74 more
- (no CPE)range: < 1.17.12
- (no CPE)range: < 2:1.5.0-2.module_el8.8.0+3470+252b1910
- (no CPE)range: < 1.19.9-6.module_el8.7.0+3297+1eb250cf
- (no CPE)range: < 1.19.9-6.module_el8.7.0+3297+1eb250cf
- (no CPE)range: < 29-2.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 2:2.0.26-3.module_el8.7.0+3297+1eb250cf
- (no CPE)range: < 0.9.1-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 1:1.2.4-2.module_el8.7.0+3297+1eb250cf
- (no CPE)range: < 2:2.189.0-1.module_el8.7.0+3406+a17c4180
- (no CPE)range: < 3.15-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 3.15-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 3.15-3.module_el8.7.0+3407+95aa0ca9
- (no CPE)range: < 3.15-3.module_el8.7.0+3407+95aa0ca9
- (no CPE)range: < 0.18-3.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 1.7.2-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.4.0-2.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 2.13.3-3.el8_6
- (no CPE)range: < 1.17.12-1.module_el8.6.0+3065+e17ed2d4
- (no CPE)range: < 1.17.12-1.module_el8.6.0+3065+e17ed2d4
- (no CPE)range: < 1.17.12-1.module_el8.6.0+3065+e17ed2d4
- (no CPE)range: < 1.17.12-1.module_el8.6.0+3065+e17ed2d4
- (no CPE)range: < 1.17.12-1.module_el8.6.0+3065+e17ed2d4
- (no CPE)range: < 1.17.12-1.module_el8.6.0+3065+e17ed2d4
- (no CPE)range: < 1.17.12-1.module_el8.6.0+3065+e17ed2d4
- (no CPE)range: < 1.17.12-1.module_el8.6.0+3065+e17ed2d4
- (no CPE)range: < 7.5.15-3.el8
- (no CPE)range: < 3.2.0-2.el8
- (no CPE)range: < 4.3.1-1.module_el8.6.0+3136+bfcd65b6
- (no CPE)range: < 4.3.1-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 2:1.5.0-4.module_el8.8.0+3470+252b1910
- (no CPE)range: < 1.2.0-3.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 3.0.1-13.module_el8.7.0+3297+1eb250cf
- (no CPE)range: < 3.0.1-13.module_el8.7.0+3297+1eb250cf
- (no CPE)range: < 3.0.1-13.module_el8.7.0+3297+1eb250cf
- (no CPE)range: < 3:4.4.1-8.module_el8.8.0+3568+e8578284
- (no CPE)range: < 3.0.1-13.module_el8.7.0+3297+1eb250cf
- (no CPE)range: < 3.0.1-13.module_el8.7.0+3297+1eb250cf
- (no CPE)range: < 3.0.1-13.module_el8.7.0+3297+1eb250cf
- (no CPE)range: < 3.15-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 4.4.1-1.module_el8.8.0+3470+252b1910
- (no CPE)range: < 1.0.0-73.rc95.module_el8.6.0+3136+bfcd65b6
- (no CPE)range: < 1:1.2.4-2.module_el8.7.0+3297+1eb250cf
- (no CPE)range: < 1:1.2.4-2.module_el8.7.0+3297+1eb250cf
- (no CPE)range: < 1.1.8-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 0.0.99.3-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 0.0.99.3-1.module_el8.6.0+3136+bfcd65b6
- (no CPE)range: < 0.2.4-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 1.17.13-150000.1.42.1
- (no CPE)range: < 1.17.13-150000.1.42.1
- (no CPE)range: < 1.17.12-1.1
- (no CPE)range: < 1.18.5-150000.1.25.1
- (no CPE)range: < 1.18.5-150000.1.25.1
- (no CPE)range: < 1.18.4-1.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.17.13-150000.1.42.1
- (no CPE)range: < 1.17.13-150000.1.42.1
- (no CPE)range: < 1.17.13-150000.1.42.1
- (no CPE)range: < 1.17.13-150000.1.42.1
- (no CPE)range: < 1.17.13-150000.1.42.1
- (no CPE)range: < 1.17.13-150000.1.42.1
- (no CPE)range: < 1.17.13-150000.1.42.1
- (no CPE)range: < 1.17.13-150000.1.42.1
- (no CPE)range: < 1.17.13-150000.1.42.1
- (no CPE)range: < 1.17.13-150000.1.42.1
- (no CPE)range: < 1.17.13-150000.1.42.1
- (no CPE)range: < 1.18.5-150000.1.25.1
- (no CPE)range: < 1.18.5-150000.1.25.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- (no CPE)range: < 1.18.10.1-150000.1.9.1
- Go standard library/net/httpv5Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6News mentions
0No linked articles in our index yet.