Denial of Service Vulnerabilities in Go's net/http Module

Denial of Service Vulnerabilities in Go's net/http Module

First seen 18 Feb 2026, 11:17 UTC Api.Msrc.Microsoft 75% similarity 52.3

Article Content

Browse articles
ThreatCluster

Two denial of service vulnerabilities have been identified in Go's net/http module. CVE-2022-27664, published on September 6, 2022, allows attackers to cause a denial of service due to HTTP/2 connection issues during closing. CVE-2024-24791, published on July 2, 2024, arises from improper handling of the 100-continue response.

ThreatCluster AI

Timeline

2022-09-06
CVE-2022-27664 published
2024-07-02
CVE-2024-24791 published
2026-02-18
Information published about both vulnerabilities

Community

Browse all →