Search CVE reports
1 – 10 of 17 results
CVE-2024-45403
Medium priority
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited...
1 affected package
h2o
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-45397
Medium priority
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used,...
1 affected package
h2o
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-25622
Medium priority
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allow users to modify the response headers being sent by h2o. The configuration file of h2o has...
1 affected package
h2o
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2023-41337
Medium priority
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by...
1 affected package
h2o
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2023-44487
High priority
Some fixes available 22 of 57
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
13 affected packages
dotnet6, dotnet7, dotnet8, h2o, haproxy...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dotnet6 | Not in release | Fixed | Not in release | Not in release | Not in release |
dotnet7 | Not in release | Fixed | Not in release | Not in release | Not in release |
dotnet8 | Fixed | Not affected | Not in release | Not in release | Not in release |
h2o | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
haproxy | Not affected | Not affected | Not affected | Fixed | Not affected |
netty | Not affected | Fixed | Fixed | Not affected | Not affected |
nghttp2 | Not affected | Fixed | Fixed | Fixed | Fixed |
nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
nodejs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tomcat10 | Not affected | Not in release | Not in release | Ignored | Ignored |
tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
tomcat9 | Not affected | Fixed | Fixed | Fixed | Ignored |
trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-30847
Medium priority
H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to process a certain type of invalid HTTP request, it tries to build an upstream URL by reading from an uninitialized pointer....
1 affected package
h2o
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2021-43848
Medium priority
h2o is an open source HTTP server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to...
1 affected package
h2o
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2022-0326
Low priority
NULL Pointer Dereference in Homebrew mruby prior to 3.2.
5 affected packages
cargo, groonga, h2o, mruby, nghttp2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | Not in release | Not affected | Not affected | Not affected | Not affected |
groonga | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
mruby | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
nghttp2 | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-0240
Low priority
mruby is vulnerable to NULL Pointer Dereference
5 affected packages
cargo, groonga, h2o, mruby, nghttp2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | Not in release | Not affected | Not affected | Not affected | Not affected |
groonga | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
mruby | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
nghttp2 | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2019-9515
Medium priority
Some fixes available 15 of 63
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...
7 affected packages
golang-google-grpc, grpc, h2o, netty, nginx...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
h2o | Not affected | Not affected | Not affected | Vulnerable | Not in release |
netty | Not affected | Not affected | Not affected | Fixed | Not affected |
nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
twisted | Fixed | Fixed | Fixed | Fixed | Not affected |