Every CVE whose affected-product data names Dena H2o, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2018-0608 — CVSS 9.8 (critical): Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via…
CVE-2016-7835 — CVSS 9.1 (critical): Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys…
CVE-2023-30847 — CVSS 8.2 (high): H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP…
CVE-2017-10869 — CVSS 7.5 (high): Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors.
CVE-2017-10908 — CVSS 7.5 (high): H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.
CVE-2016-4817 — CVSS 7.5 (high): lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to…
CVE-2016-4864 — CVSS 7.5 (high): H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string…
CVE-2017-10868 — CVSS 7.5 (high): H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.
CVE-2021-43848 — CVSS 7.4 (high): h2o is an open source http server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving…
CVE-2017-10872 — CVSS 6.5 (medium): H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.
CVE-2023-41337 — CVSS 6.1 (medium): h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to…
CVE-2024-45397 — CVSS 5.9 (medium): h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open…
CVE-2024-45403 — CVSS 3.7 (low): h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are…
CVE-2023-50247 — CVSS 3.7 (low): h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack (quicly), as used by H2O up to commit 43f86e5 (in…
CVE-2016-1133 — CVSS 3.7 (low): CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows…
CVE-2024-25622 — CVSS 3.1 (low): h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows…