vulnerability

FreeBSD: h2o -- use after free on premature connection close

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:N/C:C/I:N/A:C)	May 17, 2016	Jun 2, 2016	Feb 19, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:C)

Published

May 17, 2016

Added

Jun 2, 2016

Modified

Feb 19, 2025

Description

Tim Newsha reports:

When H2O tries to disconnect a premature HTTP/2 connection, it
calls free(3) to release memory allocated for the connection and
immediately after then touches the memory. No malloc-related
operation is performed by the same thread between the time it calls
free and the time the memory is touched. Fixed by Frederik
Deweerdt.

Solution

freebsd-upgrade-package-h2o

References

URL-https://h2o.examp1e.net/vulnerabilities.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today