PT-2016-6161 · H2O · H2O
Tim Newsham
·
Publicado
2016-06-19
·
Atualizado
2021-04-19
·
CVE-2016-4817
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
H2O versions 1.7.3 and earlier
H2O versions 2.x before 2.0.0-beta5
Description
The issue is related to the mishandling of HTTP/2 disconnection in the
lib/http2/connection.c file. This allows remote attackers to cause a denial of service, resulting in a use-after-free condition and application crash, or possibly execute arbitrary code via a crafted packet.Recommendations
For H2O versions 1.7.3 and earlier, update to version 1.7.3 or later.
For H2O versions 2.x before 2.0.0-beta5, update to version 2.0.0-beta5 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
H2O