Buffer Overflow Vulnerability in H2O Web Server by H2O, Inc.
CVE-2017-10869

7.5HIGH

Key Information:

Vendor: Kazuho Oku
Status: H2o
Vendor: CVE Published:; 22 December 2017

What is CVE-2017-10869?

A buffer overflow vulnerability in H2O versions 2.2.2 and earlier allows remote attackers to exploit the server, potentially leading to a denial-of-service condition. This can occur through unspecified vectors, making it essential for users to apply the necessary updates or patches to secure their installations. For more information, refer to the documented issues on GitHub and additional advisory resources.

Affected Version(s)

H2O version 2.2.2 and earlier

References

https://github.com/h2o/h2o/issues/1460

x_refsource_CONFIRM

https://jvn.jp/en/jp/JVN84182676/index.html

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 22, 2017
Vulnerability Reserved
Jul 4, 2017

CVE-2017-10869 Data

JSON

Kazuho Oku

What is CVE-2017-10869?

Affected Version(s)

References

CVSS V3.1

Timeline