HTTP/2 DoS attack vulnerabilities CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 #2090
Labels
Comments
|
Is this all fixed by 743d6b6 or is this issue kept open for some other angles? |
|
@mmuehlenhoff All fixed as of that commit. |
|
Can this issue then be closed please? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Recently, a series of DoS attack vulnerabilities have been reported on a broad range of HTTP/2 stacks. Among the vulnerabilities, H2O is exposed to the following:
These vulnerabilities have been fixed in version 2.2.6 and 2.3.0-beta2.
H2O is not vulnerable to CVE-2019-9511 (Data Dribble), CVE-2019-9513 (Resource Loop), CVE-2019-9516 (0-Length Headers Leak), CVE-2019-9517 (Internal Data Buffering), CVE-2019-9518 (Empty Frames Flood).
TBD: links to CVEs, acknowledgements.
The text was updated successfully, but these errors were encountered: