Format String Vulnerability (CVE-2016-4864)

Format string vulnerability exists in [H2O](https://h2o.examp1e.net/) upto and including version [2.0.3](https://github.com/h2o/h2o/releases/tag/v2.0.3) / [2.1.0-beta2](https://github.com/h2o/h2o/releases/tag/v2.1.0-beta2), that can be used by remote attackers to mount Denial-of-Service attacks.

Users using one of the following handlers of H2O may be affected by the issue and are advised to **upgrade immediately to version [2.0.4](https://github.com/h2o/h2o/releases/tag/v2.0.4) or [2.1.0-beta3](https://github.com/h2o/h2o/releases/tag/v2.1.0-beta3)**.

Affected handlers:
- [fastcgi](https://h2o.examp1e.net/configure/fastcgi_directives.html)
- [mruby](https://h2o.examp1e.net/configure/mruby_directives.html)
- [proxy](https://h2o.examp1e.net/configure/proxy_directives.html)
- [redirect](https://h2o.examp1e.net/configure/redirect_directives.html)
- [reproxy](https://h2o.examp1e.net/configure/reproxy_directives.html)

Deployments only using the [file handler](https://h2o.examp1e.net/configure/file_directives.html) is not affected by the vulnerability.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Format String Vulnerability (CVE-2016-4864) #1077

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Format String Vulnerability (CVE-2016-4864) #1077

Description

Activity

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions