Lucene search
K

50 matches found

CVE
CVE
added 3 days ago5 views

CVE-2026-55213

CVE-2026-55213 (h2o HTTP server) – Affected component: lib/http3/qpack.c, invoked while processing a QPACK instruction over HTTP/3. Root cause: on-stack allocation of a large buffer (up to ~800 KB) via alloca, exceeding default musl libc pthread stack size, leading to a segmentation fault when to...

7.5CVSS6.2AI score0.00343EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-55213 h2o: musl libc stack overflow (QPACK)

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...

7.5CVSS0.00343EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.8 views

CVE-2023-50247

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...

7.5CVSS6.8AI score0.00857EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-41461

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00632EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-55065

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00857EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-43848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain...

7.4CVSS6.3AI score0.02667EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2024-45403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h...

7.5CVSS5.5AI score0.00632EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-45397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets ...

7.5CVSS5.6AI score0.00438EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-0608

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service DoS via unspecified vectors...

9.8CVSS8.8AI score0.03815EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:43 a.m.12 views

CVE-2024-45403

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, th...

7.5CVSS6.8AI score0.00632EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:46 a.m.12 views

CVE-2023-41337

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the...

6.7CVSS6.6AI score0.00181EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:34 a.m.4 views

CVE-2023-30847

H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP...

8.2CVSS6.5AI score0.00902EPSS
Exploits0References1
OSV
OSV
added 2024/10/11 3:15 p.m.3 views

DEBIAN-CVE-2024-45397

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

7.5CVSS5.6AI score0.00438EPSS
Exploits0References1
NVD
NVD
added 2024/10/11 3:15 p.m.20 views

CVE-2024-45397

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

7.5CVSS0.00438EPSS
Exploits0References3
OSV
OSV
added 2024/10/11 3:15 p.m.22 views

UBUNTU-CVE-2024-45403

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, th...

7.5CVSS5.8AI score0.00632EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/10/11 2:28 p.m.30 views

CVE-2024-45403 H2O assertion failure when HTTP/3 requests are cancelled

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, th...

3.7CVSS0.00632EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/10/11 2:24 p.m.17 views

CVE-2024-45397 H2O alllows bypassing address-based access control with 0-RTT

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

5.9CVSS7.2AI score0.00438EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/11 2:20 p.m.22 views

CVE-2024-25622 H2O ignores headers configuration directives

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...

3.1CVSS0.00428EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/10/11 2:20 p.m.14 views

CVE-2024-25622 H2O ignores headers configuration directives

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...

3.1CVSS6.7AI score0.00428EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/10/11 12:0 a.m.5 views

PT-2024-31607 · H2O · H2O

Name of the Vulnerable Software and Affected Versions: h2o versions prior to the version containing commit 1ed32b2 Description: The issue affects h2o, an HTTP server that supports HTTP/1.x, HTTP/2, and HTTP/3. When configured as a reverse proxy, h2o may crash due to an assertion failure if HTTP/3...

7.5CVSS6.9AI score0.00632EPSS
Exploits0References14
Rows per page
Query Builder