fix crash when handling malformed HTTP/2 request (CVE-2017-10908) #1544

Closed
kazuho opened this Issue Dec 14, 2017 · 1 comment

kazuho commented Dec 14, 2017

H2O up to version 2.2.3 may segfault when receiving a malformed HTTP/2 request. Users should update to 2.2.4.

Details TBD.

Server configurations that have only one host defined (in the hosts mapping) or have every host mapped to a different port are not affected by the issue.

The issue was reported by @Etsukata.
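The configuration condition stated in the advisory above, turned into a triage check. This is an added example, not code from the H2O project: it assumes the H2O YAML configuration has already been parsed into a Python dict, and that a host without its own `listen` directive is served on the global-level `listen` ports. The function names and the sample configuration are constructed for illustration.

```python
def _ports(listen):
    """Normalize a `listen` value (scalar, mapping, or list of either) to a set of port strings."""
    if listen is None:
        return set()
    items = listen if isinstance(listen, list) else [listen]
    ports = set()
    for item in items:
        # Mapping form carries the port under the "port" key; scalar form is the port itself.
        port = item.get("port") if isinstance(item, dict) else item
        if port is not None:
            ports.add(str(port))
    return ports


def hosts_sharing_a_port(config):
    """Return {port: [host, ...]} for every port served by more than one host.

    An empty result matches the advisory's "not affected" condition:
    a single host, or every host on a different port.
    """
    hosts = config.get("hosts") or {}
    if len(hosts) <= 1:
        return {}
    global_ports = _ports(config.get("listen"))
    by_port = {}
    for name, host_conf in hosts.items():
        # Assumption: host-level listeners take precedence, otherwise global ones apply.
        ports = _ports((host_conf or {}).get("listen")) or global_ports
        for port in ports:
            by_port.setdefault(port, []).append(name)
    return {p: sorted(names) for p, names in by_port.items() if len(names) > 1}


# Constructed sample: two hosts fall back to the global listener, one has its own port.
SAMPLE_CONFIG = {
    "listen": {"port": 443},
    "hosts": {
        "a.example": {"paths": {"/": {"file.dir": "/var/www/a"}}},
        "b.example": {"paths": {"/": {"file.dir": "/var/www/b"}}},
        "admin.example": {"listen": 8443, "paths": {"/": {"file.dir": "/var/www/admin"}}},
    },
}

if __name__ == "__main__":
    for port, names in hosts_sharing_a_port(SAMPLE_CONFIG).items():
        print(f"port {port} is shared by {', '.join(names)}: upgrade to 2.2.4")
```

A non-empty result only means the configuration falls outside the two unaffected cases named in the advisory; upgrading to 2.2.4 is the fix either way.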

@h2o h2o locked and limited conversation to collaborators Dec 14, 2017

@kazuho kazuho changed the title from test to fix crash when handling malformed HTTP/2 request (CVE-2017-10908) Dec 15, 2017

@h2o h2o unlocked this conversation Dec 15, 2017

liyun-li commented Dec 17, 2017

How do you send an HTTP/2 request and how does the server handle HTTP/2?

@kazuho kazuho closed this Jan 12, 2018
