Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
fix stack overflow when sending huge request body to upstream (CVE-2017-10869) #1460
The worker process of H2O may crash (and automatically respawned depending on the configuration) while the reverse proxy module tries to forward a huge HTTP request body to the upstream server using HTTPS.
The crash disrupts other requests in-flight, and therefore is being classified as a DoS vulnerability.
Affected systems: H2O up to version 2.2.2, used as a reverse proxy that connects to the origin server using HTTPS.