CVE-2017-10908

CVE-2017-10908

EPSS 3.6%

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.

Affected products

Kazuho Oku · H2O

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/h2o/h2o/issues/1544 https://jvn.jp/en/jp/JVN84182676/index.html