Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix crash when logging TLS 1.3 properties (CVE-2017-10872) #1543

Closed
kazuho opened this issue Dec 14, 2017 · 1 comment
Closed

fix crash when logging TLS 1.3 properties (CVE-2017-10872) #1543

kazuho opened this issue Dec 14, 2017 · 1 comment
Labels

Comments

@kazuho
Copy link
Member

@kazuho kazuho commented Dec 14, 2017

The server segfaults when trying to emit the bits of a TLS 1.3 cipher-suite being used to the access-log (by specifying %{ssl.cipher-bits}x).

To avoid the issue, users are advised to upgrade to version 2.2.4 or to disable the use of TLS 1.3 (by setting the maximum-version to 1.2).

The issue was reported by @herumi in #1465.

@h2o h2o locked and limited conversation to collaborators Dec 14, 2017
@kazuho kazuho changed the title test fix crash when logging TLS 1.3 properties (CVE-2017-1087) Dec 15, 2017
@kazuho kazuho changed the title fix crash when logging TLS 1.3 properties (CVE-2017-1087) fix crash when logging TLS 1.3 properties (CVE-2017-10872) Dec 15, 2017
@h2o h2o unlocked this conversation Dec 15, 2017
@kazuho kazuho closed this Jan 12, 2018
@kirotawa
Copy link

@kirotawa kirotawa commented Jun 22, 2018

Hi, what is the commit id/sha that fix this issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.