PT-2023-23002 · H2O · H2O

Elijahglover

Publicado

2023-04-27

Atualizado

2023-05-09

CVE-2023-30847

CVSS v3.1

8.2

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions H2O versions 2.3.0-beta2 and prior

Description H2O is an HTTP server. When the reverse proxy handler tries to process a certain type of invalid HTTP request, it tries to build an upstream URL by reading from an uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP servers.

Recommendations For H2O versions 2.3.0-beta2 and prior, users should upgrade to commit f010336 or later to fix the issue.

Exploit

Correção

Access of Uninitialized Pointer

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-824

Identificadores relacionados

CVE-2023-30847

GHSA-P5HJ-PHWJ-HRVX

Produtos afetados

H2O

PT-2023-23002 · H2O · H2O

CVE-2023-30847

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11