CVSS: 7.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

h2o is an open source HTTP server. In code prior to the `8c0eca3` commit, h2o may attempt to access uninitialized memory. When QUIC frames are received in a certain order, the HTTP/3 server-side implementation of h2o can be misled into treating uninitialized memory as HTTP/3 frames that have been received. When h2o is used as a reverse proxy, an attacker can abuse this vulnerability to send internal state of h2o to backend servers controlled by the attacker or a third party. Also, if there is an HTTP endpoint that reflects the traffic sent from the client, an attacker can use that reflector to obtain internal state of h2o. • https://github.com/h2o/h2o/commit/8c0eca3 https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4 • CWE-908: Use of Uninitialized Resource

CVSS: 9.8 • EPSS: 3% • CPEs: 1 • EXPL: 0

Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors. • http://jvn.jp/en/jp/JVN93226941/index.html https://github.com/h2o/h2o/issues/1775 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via a specially crafted HTTP/1 header. • https://github.com/h2o/h2o/issues/1459 https://jvn.jp/en/jp/JVN84182676/index.html • CWE-20: Improper Input Validation

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors. • https://github.com/h2o/h2o/issues/1543 https://jvn.jp/en/jp/JVN84182676/index.html • CWE-118: Incorrect Access of Indexable Resource ('Range Error')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via a specially crafted HTTP/2 header. • https://github.com/h2o/h2o/issues/1544 https://jvn.jp/en/jp/JVN84182676/index.html • CWE-20: Improper Input Validation