Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix crash when handling malformed HTTP/2 request (CVE-2017-10908) #1544

Closed
kazuho opened this issue Dec 14, 2017 · 1 comment
Closed

fix crash when handling malformed HTTP/2 request (CVE-2017-10908) #1544

kazuho opened this issue Dec 14, 2017 · 1 comment
Labels

Comments

@kazuho
Copy link
Member

@kazuho kazuho commented Dec 14, 2017

H2O up to version 2.2.3 may segfault when receiving a malformed HTTP/2 request. Users should update to 2.2.4.

Details TBD.

Server configurations that have only one host defined (in the hosts mapping) or have every host mapped to a different port is not affected by the issue.

The issue was reported by @Etsukata.

@h2o h2o locked and limited conversation to collaborators Dec 14, 2017
@kazuho kazuho changed the title test fix crash when handling malformed HTTP/2 request (CVE-2017-10908) Dec 15, 2017
@h2o h2o unlocked this conversation Dec 15, 2017
@liyun-li
Copy link

@liyun-li liyun-li commented Dec 17, 2017

How do you sent a HTTP/2 request and how does the server handle HTTP/2?

@kazuho kazuho closed this Jan 12, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.