FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

h2o -- Malformed HTTP/1.1 causes Out-of-Memory Denial of Service

Affected packages
h2o <= 2.2.6
h2o-devel < 2.3.0.d.20230427

Details

VuXML ID 4da51989-5a8b-4eb9-b442-46d94ec0802d
Discovery 2023-04-27
Entry 2023-04-30

Elijah Glover reports:

Malformed HTTP/1.1 requests can crash worker processes, occasionally locking up child workers and causing denial of service, and an outage dropping any open connections.

References

CVE Name CVE-2023-30847
URL https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx