Vulnerability details: VCID-7jyw-7cbe-aaag
Vulnerability ID VCID-7jyw-7cbe-aaag
Aliases CVE-2022-1705
Summary Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2022:5068
rhas Important https://access.redhat.com/errata/RHSA-2022:5775
rhas Important https://access.redhat.com/errata/RHSA-2022:5799
rhas Important https://access.redhat.com/errata/RHSA-2022:5866
rhas Important https://access.redhat.com/errata/RHSA-2022:6040
rhas Important https://access.redhat.com/errata/RHSA-2022:6042
rhas Important https://access.redhat.com/errata/RHSA-2022:6113
rhas Important https://access.redhat.com/errata/RHSA-2022:6187
rhas Important https://access.redhat.com/errata/RHSA-2022:6188
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1705.json
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2022-1705
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2022-1705
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2022-1705
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2022-1705
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2022-1705
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-1705
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2022-1705
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-1705
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2107374
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1705
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1705
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1705.json
https://api.first.org/data/v1/epss?cve=CVE-2022-1705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://go.dev/cl/409874
https://go.dev/cl/410714
https://go.dev/issue/53188
https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
https://pkg.go.dev/vuln/GO-2022-0525
2107374 https://bugzilla.redhat.com/show_bug.cgi?id=2107374
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
CVE-2022-1705 https://nvd.nist.gov/vuln/detail/CVE-2022-1705
RHSA-2022:5068 https://access.redhat.com/errata/RHSA-2022:5068
RHSA-2022:5775 https://access.redhat.com/errata/RHSA-2022:5775
RHSA-2022:5799 https://access.redhat.com/errata/RHSA-2022:5799
RHSA-2022:5866 https://access.redhat.com/errata/RHSA-2022:5866
RHSA-2022:6040 https://access.redhat.com/errata/RHSA-2022:6040
RHSA-2022:6042 https://access.redhat.com/errata/RHSA-2022:6042
RHSA-2022:6113 https://access.redhat.com/errata/RHSA-2022:6113
RHSA-2022:6152 https://access.redhat.com/errata/RHSA-2022:6152
RHSA-2022:6183 https://access.redhat.com/errata/RHSA-2022:6183
RHSA-2022:6187 https://access.redhat.com/errata/RHSA-2022:6187
RHSA-2022:6188 https://access.redhat.com/errata/RHSA-2022:6188
RHSA-2022:6283 https://access.redhat.com/errata/RHSA-2022:6283
RHSA-2022:6344 https://access.redhat.com/errata/RHSA-2022:6344
RHSA-2022:6345 https://access.redhat.com/errata/RHSA-2022:6345
RHSA-2022:6346 https://access.redhat.com/errata/RHSA-2022:6346
RHSA-2022:6347 https://access.redhat.com/errata/RHSA-2022:6347
RHSA-2022:6348 https://access.redhat.com/errata/RHSA-2022:6348
RHSA-2022:6370 https://access.redhat.com/errata/RHSA-2022:6370
RHSA-2022:6430 https://access.redhat.com/errata/RHSA-2022:6430
RHSA-2022:7129 https://access.redhat.com/errata/RHSA-2022:7129
RHSA-2022:7399 https://access.redhat.com/errata/RHSA-2022:7399
RHSA-2022:7519 https://access.redhat.com/errata/RHSA-2022:7519
RHSA-2022:7529 https://access.redhat.com/errata/RHSA-2022:7529
RHSA-2022:7648 https://access.redhat.com/errata/RHSA-2022:7648
RHSA-2022:8057 https://access.redhat.com/errata/RHSA-2022:8057
RHSA-2022:8098 https://access.redhat.com/errata/RHSA-2022:8098
RHSA-2022:8250 https://access.redhat.com/errata/RHSA-2022:8250
RHSA-2022:8626 https://access.redhat.com/errata/RHSA-2022:8626
RHSA-2022:9047 https://access.redhat.com/errata/RHSA-2022:9047
RHSA-2023:0407 https://access.redhat.com/errata/RHSA-2023:0407
RHSA-2023:0408 https://access.redhat.com/errata/RHSA-2023:0408
RHSA-2023:1042 https://access.redhat.com/errata/RHSA-2023:1042
RHSA-2023:1275 https://access.redhat.com/errata/RHSA-2023:1275
RHSA-2023:1529 https://access.redhat.com/errata/RHSA-2023:1529
RHSA-2023:2357 https://access.redhat.com/errata/RHSA-2023:2357
RHSA-2023:2758 https://access.redhat.com/errata/RHSA-2023:2758
RHSA-2023:2802 https://access.redhat.com/errata/RHSA-2023:2802
RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642
RHSA-2023:3664 https://access.redhat.com/errata/RHSA-2023:3664
USN-6038-1 https://usn.ubuntu.com/6038-1/
USN-6038-2 https://usn.ubuntu.com/6038-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1705.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1705
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Exploit Prediction Scoring System (EPSS)
Percentile 0.07575
EPSS Score 0.00032
Published At May 2, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.