Buffer Overflow Vulnerability in h2o HTTP Server by h2o
CVE-2026-55213
7.5HIGH
What is CVE-2026-55213?
The h2o HTTP server, which supports multiple HTTP versions, is susceptible to a buffer overflow vulnerability when processing QPACK instructions over HTTP/3. Prior to a recent fix, the server could allocate a large on-stack buffer, exceeding the default pthread stack size, leading to a segmentation fault and crash during operation. This vulnerability has been addressed in a subsequent commit, improving the overall stability and security of the server.
Affected Version(s)
h2o < edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1
