FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

h2o -- HTTP/2 Rapid Reset attack vulnerability

Affected packages
h2o <= 2.2.6
h2o-devel < 2.3.0.d.20231010

Details

VuXML ID bf545001-b96d-42e4-9d2e-60fdee204a43
Discovery 2023-10-10
Entry 2023-10-10

Kazuo Okuhu reports:

H2O is vulnerable to the HTTP/2 Rapid Reset attack. An attacker might be able to consume more than adequate amount of processing power of h2o and the backend servers by mounting the attack.

[source]

References

CVE Name CVE-2023-44487
URL https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.