Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
heap buffer overflow while trying to emit access log (CVE-2018-0608) #1775
H2O up to version 2.2.4 has a bug that would allow an remote attacker to trigger a heap buffer overflow while the server attempts to emit an access log line.
Users should update to 2.2.5 as soon as possible, or disable access logging.
We would like to thank Marlies Ruck, ForAllSecure for finding the issue.