Search CVE reports



1 – 10 of 17 results


CVE-2024-45403

Medium priority
Needs evaluation

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited...

1 affected package

h2o

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
h2o Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-45397

Medium priority
Needs evaluation

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used,...

1 affected package

h2o

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
h2o Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-25622

Medium priority
Needs evaluation

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allow users to modify the response headers being sent by h2o. The configuration file of h2o has...

1 affected package

h2o

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
h2o Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2023-41337

Medium priority
Needs evaluation

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by...

1 affected package

h2o

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |

CVE-2023-44487

High priority

Some fixes available 22 of 57

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

13 affected packages

dotnet6, dotnet7, dotnet8, h2o, haproxy...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | Not in release | Fixed | Not in release | Not in release | Not in release |
| dotnet7 | Not in release | Fixed | Not in release | Not in release | Not in release |
| dotnet8 | Fixed | Not affected | Not in release | Not in release | Not in release |
| h2o | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| haproxy | Not affected | Not affected | Not affected | Fixed | Not affected |
| netty | Not affected | Fixed | Fixed | Not affected | Not affected |
| nghttp2 | Not affected | Fixed | Fixed | Fixed | Fixed |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| nodejs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tomcat10 | Not affected | Not in release | Not in release | Ignored | Ignored |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Not affected | Fixed | Fixed | Fixed | Ignored |
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-30847

Medium priority
Needs evaluation

H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to process a certain type of invalid HTTP request, it tries to build an upstream URL by reading from an uninitialized pointer....

1 affected package

h2o

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |

CVE-2021-43848

Medium priority
Needs evaluation

h2o is an open source HTTP server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in a certain order, HTTP/3 server-side implementation of h2o can be misguided to...

1 affected package

h2o

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |

CVE-2022-0326

Low priority
Needs evaluation

NULL Pointer Dereference in Homebrew mruby prior to 3.2.

5 affected packages

cargo, groonga, h2o, mruby, nghttp2

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cargo | Not in release | Not affected | Not affected | Not affected | Not affected |
| groonga | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
| mruby | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| nghttp2 | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2022-0240

Low priority
Needs evaluation

mruby is vulnerable to NULL Pointer Dereference

5 affected packages

cargo, groonga, h2o, mruby, nghttp2

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cargo | Not in release | Not affected | Not affected | Not affected | Not affected |
| groonga | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
| mruby | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| nghttp2 | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2019-9515

Medium priority

Some fixes available 15 of 63

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...

7 affected packages

golang-google-grpc, grpc, h2o, netty, nginx...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| h2o | Not affected | Not affected | Not affected | Vulnerable | Not in release |
| netty | Not affected | Not affected | Not affected | Fixed | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
| twisted | Fixed | Fixed | Fixed | Fixed | Not affected |