h2o -- heap buffer overflow during logging

2018-06-01T00:00:00
ID CE39379F-7EB7-11E8-AB03-00BD7F19FF09
Type freebsd
Reporter FreeBSD
Modified 2018-06-01T00:00:00

Description

Marlies Ruck reports:

Fix heap buffer overflow while trying to emit access log - see references for full details. CVE-2018-0608: Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors.