H2o@2.3.0 Security Vulnerabilities and Issues — H2o@2.3.0 CVE List

Lucene search

DenaH2o2.3.0

3 matches found

CVE•added 2023/12/12 8:15 p.m.•67 views

CVE-2023-41337

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the opportun...

6.7CVSS6.3AI score0.00081EPSS

CVE•added 2023/04/27 3:15 p.m.•50 views

CVE-2023-30847

H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP serv...

8.2CVSS8AI score0.00261EPSS

CVE•added 2023/12/12 8:15 p.m.•40 views

CVE-2023-50247

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack (quicly), as used by H2O up to commit 43f86e5 (in version 2.3.0-beta and prior), is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressiv...

7.5CVSS5.6AI score0.00562EPSS