fix crash when receiving request with invalid framing (CVE-2017-10868) #1459

@kazuho

The worker process of H2O may crash (and be automatically respawned, depending on the configuration) when it receives an HTTP request with an invalid framing specifier (i.e. content-length or transfer-encoding header).

The crash disrupts other requests in-flight, and therefore is being classified as a DoS vulnerability.

Details TBD.

Affected systems: H2O up to version 2.2.2, serving HTTP/1 traffic.
Resolution: upgrade to 2.2.3.
