Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
H2O vulnerable to read from uninitialized pointer in the reverse proxy handler
Vulnerability Description
H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP servers. Pull request number 3229 fixes the issue. The pull request has been merged to the `master` branch in commit f010336. Users should upgrade to commit f010336 or later.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Vulnerability Type
使用未经初始化的指针
Vulnerability Title
h2o 缓冲区错误漏洞
Vulnerability Description
h2o是新一代的 HTTP 服务器。与老一代的 HTTP 服务器相比,它不仅速度非常快,而且还为最终用户提供了更快的响应。 H2O 2.3.0-beta2版本及之前版本存在缓冲区错误漏洞,该漏洞源于当反向代理处理程序尝试处理某种类型的无效HTTP请求时,它会尝试通过读取未初始化的指针来构建上游URL,导致服务崩溃或信息泄漏到后端HTTP服务器。
CVSS Information
N/A
Vulnerability Type
N/A