From 72c679972581df6b7ab3545e3273604edd0774d8 Mon Sep 17 00:00:00 2001
From: Dave Cottlehuber
Date: Sun, 22 Oct 2017 22:25:53 +0000
Subject: Multiple vulnerabilities in www/h2o

Reviewed by: jrm (mentor)
Approved by: jrm (mentor)
Security: CVE-2017-10868
Security: CVE-2017-10869
Differential Revision: https://reviews.freebsd.org/D12763
---
 security/vuxml/vuln.xml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3231f961a714..07b99d2276b3 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,38 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + h2o -- DoS in workers + + + h2o + 2.2.3 + + + + +

Frederik Deweerdt reports:

+
+

Multiple Denial-of-Service vulnerabilities exist in h2o workers - + see references for full details.

+

CVE-2017-10868: Worker processes may crash when receiving a request with invalid framing.

+

CVE-2017-10869: The stack may overflow when proxying huge requests.

+
+ +
+ + CVE-2017-10868 + CVE-2017-10869 + https://github.com/h2o/h2o/issues/1459 + https://github.com/h2o/h2o/issues/1460 + https://github.com/h2o/h2o/releases/tag/v2.2.3 + + + 2017-07-19 + 2017-10-17 + +
+ irssi -- multiple vulnerabilities -- cgit v1.2.3
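Review bot: The affected-package list in the new h2o entry names only h2o, while the unchanged comment directly above the hunk reminds committers not to forget port variants. Please confirm that no other package built from the same sources needs its own name and range here, since a package that is not listed will not be flagged by pkg audit. Separately, the last date in the entry reads 2017-10-17 while the commit is dated 22 Oct 2017; if that field is the entry date (the tags are not visible in this rendering), it should match the day the entry actually lands in vuln.xml.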