H2O up to version 2.2.4 has a bug that would allow an remote attacker to trigger a heap buffer overflow while the server attempts to emit an access log line.
Users should update to 2.2.5 as soon as possible, or disable access logging.
We would like to thank Marlies Ruck, ForAllSecure for finding the issue.
The text was updated successfully, but these errors were encountered:
kazuho
changed the title
TBD
heap buffer overflow while trying to emit access log (CVE-2018-0608)
Jun 1, 2018
H2O up to version 2.2.4 has a bug that would allow an remote attacker to trigger a heap buffer overflow while the server attempts to emit an access log line.
Users should update to 2.2.5 as soon as possible, or disable access logging.
We would like to thank Marlies Ruck, ForAllSecure for finding the issue.
The text was updated successfully, but these errors were encountered: