Buffer Overflow Vulnerability in H2O Web Server by H2O, Inc.
CVE-2018-0608

9.8CRITICAL

Key Information:

Vendor: Kazuho Oku
Status: H2o
Vendor: CVE Published:; 26 June 2018

What is CVE-2018-0608?

A buffer overflow vulnerability exists in H2O web server versions 2.2.4 and earlier. This flaw could be exploited by remote attackers to execute arbitrary code or cause denial of service (DoS) conditions through unspecified vectors. Users of affected versions are advised to apply the latest security updates to mitigate the risks associated with this vulnerability. For more details, check the associated advisories and discussions.

Affected Version(s)

H2O version 2.2.4 and earlier

References

http://jvn.jp/en/jp/JVN93226941/index.html

third-party-advisoryx_refsource_JVN

https://github.com/h2o/h2o/issues/1775

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2018
Vulnerability Reserved
Nov 27, 2017

CVE-2018-0608 Data

JSON

Kazuho Oku

What is CVE-2018-0608?

Affected Version(s)

References

CVSS V3.1

Timeline