3 matches found
CVE-2023-50247
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
CVE-2023-50247
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
CVE-2023-50247
The CVE-2023-50247 issue affects the h2o HTTP server (HTTP/1.x, HTTP/2, HTTP/3) where the QUIC stack (quicly), used in versions up to 2.3.0-beta, can trigger a state-exhaustion DoS when serving HTTP/3. The underlying cause is memory growth in the QUIC stack, which may lead to memory exhaustion an...