PT-2017-8561 · H2O · H2O

Kazuho Oku

Published

2017-05-12

Updated

2019-02-26

CVE-2016-4864

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions H2O versions 2.0.3 and earlier H2O version 2.1.0-beta2 and earlier

Description The issue allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file. This can be achieved through various means such as fastcgi, mruby, proxy, redirect, or reproxy.

Recommendations For H2O versions 2.0.3 and earlier, update to a version later than 2.0.3 to resolve the issue. For H2O version 2.1.0-beta2 and earlier, update to a version later than 2.1.0-beta2 to resolve the issue.

Fix

DoS

Use of Externally-Controlled Format String

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-134

Related Identifiers

CVE-2016-4864

Affected Products

H2O

PT-2017-8561 · H2O · H2O

CVE-2016-4864

Weakness Enumeration

Related Identifiers

Affected Products

References · 5