Dena

H2o

17 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-45403

  • EPSS 0.53%
  • Veröffentlicht 11.10.2024 15:15:05
  • Zuletzt bearbeitet 12.11.2024 19:59:51

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to m...

7.5

CVE-2024-45397

  • EPSS 0.15%
  • Veröffentlicht 11.10.2024 15:15:04
  • Zuletzt bearbeitet 12.11.2024 20:14:25

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not d...

4.3

CVE-2024-25622

Exploit
  • EPSS 0.07%
  • Veröffentlicht 11.10.2024 15:15:03
  • Zuletzt bearbeitet 12.11.2024 20:04:39

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner sc...

7.5

CVE-2023-50247

  • EPSS 0.56%
  • Veröffentlicht 12.12.2023 20:15:08
  • Zuletzt bearbeitet 21.11.2024 08:36:44

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack (quicly), as used by H2O up to commit 43f86e5 (in version 2.3.0-beta and prior), is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote atta...

6.7

CVE-2023-41337

  • EPSS 0.08%
  • Veröffentlicht 12.12.2023 20:15:07
  • Zuletzt bearbeitet 21.11.2024 08:21:06

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a ma...

7.5

CVE-2023-44487

Warnung Medienbericht Exploit
  • EPSS 94.44%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 11.06.2025 17:29:54

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

8.2

CVE-2023-30847

  • EPSS 0.26%
  • Veröffentlicht 27.04.2023 15:15:13
  • Zuletzt bearbeitet 21.11.2024 08:00:57

H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to cra...

5.9

CVE-2021-43848

  • EPSS 13.3%
  • Veröffentlicht 01.02.2022 13:15:09
  • Zuletzt bearbeitet 21.11.2024 06:29:55

h2o is an open source http server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized mem...

9.8

CVE-2018-0608

  • EPSS 2.57%
  • Veröffentlicht 26.06.2018 14:29:01
  • Zuletzt bearbeitet 21.11.2024 03:38:34

Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors.

7.5

CVE-2017-10908

  • EPSS 1.34%
  • Veröffentlicht 22.12.2017 14:29:12
  • Zuletzt bearbeitet 20.04.2025 01:37:25

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.