CVE-2026-44453
The CVE-2026-44453 entry concerns the h2o HTTP server (HTTP/1.x, HTTP/2, HTTP/3). Before commit 6b5370d, h2o could trigger a Denial of Service by calling alloca to build file paths for static files, potentially allocating up to ~600 KB on the stack. This exceeds the musl libc pthread stack defaul...