Here's the page we think you wanted. See search results instead:

Toggle Menu

Chat Live

Confirm Your Country or Area

Please Confirm

Confirm your country to access relevant pricing, special offers, events, and contact information.

What are you looking for?

MXG Signal Generator UXA Signal Analyzer UXM for Wi-Fi 7 PXA Signal Analyzer Find a solution Get technical support Take a class Find us at events Premium used equipment KeysightCare Buy online

No product matches found - System Exception

H2O Webserver HTTP Headers Buffer Overflow

Strike ID:

E18-0jgg1

CVSS:

9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

False Positive:

Variants:

Year:

2017

Description

This strike exploits a heap buffer overflow vulnerability in H2O Webserver. H2O Webserver has a function to allocate sufficient memory for large HTTP headers, however, in certain cases the buffer position pointer may become negative or overly large. In this case, the buffer will not be reallocated, leading to a buffer overflow. An attacker can exploit this vulnerability by sending a specially crafted HTTP message. Successful exploitation may result in arbitrary code execution or abnormal termination of the H2O Webserver, leading to a denial of service condition.

CVE

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0608

References

https://github.com/h2o/h2o/issues/1775

Welcome

What are you looking for?

H2O Webserver HTTP Headers Buffer Overflow

Description

CVE

References