CVE-2016-4817

lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet.

Published : 2016-06-19 01:59 Updated : 2016-06-21 13:56

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
H2o Project H2o 2.0.0 cpe:/a:h2o_project:h2o:2.0.0:beta4
H2o Project H2o 1.7.2 cpe:/a:h2o_project:h2o:1.7.2
  1. H2o Project (1) Search CVE
    1. H2o (2) Search CVE
      1. 2.0.0
      2. 1.7.2

CWE

There is no CWE for this CVE.

History of changes

Date Event
2016-06-19 01:59

New CVE