13 matches found
CVE-2023-50247
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
CVE-2024-34362
A flaw was found in Envoy's QUIC stack. This flaw allows a remote, unauthenticated attacker to trigger an abnormal process termination, causing a denial of service...
CVE-2024-32974
A flaw was found in Envoy's QUIC stack. This flaw allows a remote, unauthenticated attacker to trigger an abnormal process termination, causing a denial of service...
Memory Exhaustion
h2o is vulnerable to Memory Exhaustion. The vulnerability is due to improper bound check on the QUIC stack. This issue can be exploited by an attacker to progressively increase the memory retained by the QUIC stack leading to memory exhaustion and denial of service...
CVE-2023-50247
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
CVE-2023-50247
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
Memory corruption
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
CVE-2023-50247 h2o QUIC state exhaustion DoS
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
CVE-2023-50247 h2o QUIC state exhaustion DoS
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
CVE-2023-50247
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
PT-2023-31505 · H2O · H2O
Name of the Vulnerable Software and Affected Versions: h2o versions 2.3.0-beta and prior Description: The QUIC stack, as used by h2o, is susceptible to a state exhaustion attack. When h2o is serving HTTP/3, a remote attacker can exploit this vulnerability to progressively increase the memory...
SUSE CVE-2017-15398
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server...
CVE-2017-15407
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server...