FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
bf545001-b96d-42e4-9d2e-60fdee204a43h2o -- HTTP/2 Rapid Reset attack vulnerability

Kazuo Okuhu reports:

H2O is vulnerable to the HTTP/2 Rapid Reset attack. An attacker might be able to consume more than adequate amount of processing power of h2o and the backend servers by mounting the attack.


Discovery 2023-10-10
Entry 2023-10-10
h2o
le 2.2.6

h2o-devel
< 2.3.0.d.20231010

CVE-2023-44487
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
4da51989-5a8b-4eb9-b442-46d94ec0802dh2o -- Malformed HTTP/1.1 causes Out-of-Memory Denial of Service

Elijah Glover reports:

Malformed HTTP/1.1 requests can crash worker processes. occasionally locking up child workers and causing denial of service, and an outage dropping any open connections.


Discovery 2023-04-27
Entry 2023-04-30
h2o
le 2.2.6

h2o-devel
< 2.3.0.d.20230427

CVE-2023-30847
https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx