Search CVE reports


Toggle filters

11 – 20 of 22 results


CVE-2023-30847

Medium priority
Needs evaluation

H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer....

1 affected package

h2o

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
h2o Not in release Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2021-43848

Medium priority
Needs evaluation

h2o is an open source http server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to...

1 affected package

h2o

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
h2o Not in release Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2022-0326

Low priority
Needs evaluation

NULL Pointer Dereference in Homebrew mruby prior to 3.2.

5 affected packages

groonga, mruby, cargo, h2o, nghttp2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
groonga Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
mruby Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cargo Not in release Not in release Not affected Not affected Not affected
h2o Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
nghttp2 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-0240

Low priority
Needs evaluation

mruby is vulnerable to NULL Pointer Dereference

5 affected packages

mruby, groonga, cargo, h2o, nghttp2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mruby Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
groonga Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cargo Not in release Not in release Not affected Not affected Not affected
h2o Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
nghttp2 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2019-9515

Medium priority

Some fixes available 17 of 66

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...

7 affected packages

grpc, golang-google-grpc, h2o, netty, nginx...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
grpc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
golang-google-grpc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
h2o Not in release Not affected Not affected Not affected Vulnerable
netty Not affected Not affected Not affected Not affected Fixed
nginx Not affected Not affected Not affected Not affected Not affected
trafficserver Not in release Not affected Not affected Not affected Vulnerable
twisted Fixed Fixed Fixed Fixed Fixed
Show all 7 packages Show less packages

CVE-2019-9514

Medium priority

Some fixes available 17 of 80

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...

16 affected packages

grpc, golang-google-grpc, golang, golang-1.10, golang-1.11...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
grpc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
golang-google-grpc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Not in release Vulnerable
golang-1.11 Not in release Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Not in release
golang-1.7 Not in release Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Not in release Vulnerable
h2o Not in release Not affected Not affected Not affected Needs evaluation
netty Not affected Not affected Not affected Not affected Fixed
nginx Not affected Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Not affected Ignored
trafficserver Not in release Not affected Not affected Not affected Vulnerable
twisted Fixed Fixed Fixed Fixed Fixed
Show all 16 packages Show less packages

CVE-2019-9512

Medium priority

Some fixes available 17 of 42

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on...

13 affected packages

golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Not in release Vulnerable
golang-1.11 Not in release Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Not in release
golang-1.7 Not in release Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Not in release Vulnerable
h2o Not in release Not affected Not affected Not affected Needs evaluation
netty Not affected Not affected Not affected Not affected Fixed
nginx Not affected Not affected Not affected Not affected Not affected
trafficserver Not in release Not affected Not affected Not affected Vulnerable
twisted Fixed Fixed Fixed Fixed Fixed
Show all 13 packages Show less packages

CVE-2018-0608

Medium priority
Vulnerable

Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors.

1 affected package

h2o

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
h2o Not in release Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2017-10908

Medium priority
Not affected

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.

1 affected package

h2o

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
h2o Not affected
Show less packages

CVE-2017-10872

Medium priority
Not affected

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.

1 affected package

h2o

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
h2o Not affected
Show less packages