Information on source package h2o

Available versions

ReleaseVersion
bullseye2.2.5+dfsg2-6
bookworm2.2.5+dfsg2-7
trixie2.2.5+dfsg2-9
sid2.2.5+dfsg2-9

Open issues

BugbullseyebookwormtrixiesidDescription
CVE-2024-45397vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerablevulnerableh2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Wh ...
CVE-2024-25622vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerablevulnerableh2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Th ...
CVE-2023-44487vulnerable (no DSA, postponed)vulnerable (no DSA)fixedfixedThe HTTP/2 protocol allows a denial of service (server resource consum ...
CVE-2023-41337vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerablevulnerableh2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In ...

Resolved issues

BugDescription
CVE-2024-45403h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Wh ...
CVE-2023-50247h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Th ...
CVE-2023-30847H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the rev ...
CVE-2021-43848h2o is an open source http server. In code prior to the `8c0eca3` comm ...
CVE-2019-9515Some HTTP/2 implementations are vulnerable to a settings flood, potent ...
CVE-2019-9514Some HTTP/2 implementations are vulnerable to a reset flood, potential ...
CVE-2019-9512Some HTTP/2 implementations are vulnerable to ping floods, potentially ...
CVE-2018-0608Buffer overflow in H2O version 2.2.4 and earlier allows remote attacke ...
CVE-2017-10908H2O version 2.2.3 and earlier allows remote attackers to cause a denia ...
CVE-2017-10872H2O version 2.2.3 and earlier allows remote attackers to cause a denia ...
CVE-2017-10869Buffer overflow in H2O version 2.2.2 and earlier allows remote attacke ...
CVE-2017-10868H2O version 2.2.2 and earlier allows remote attackers to cause a denia ...
CVE-2016-7835Use-after-free vulnerability in H2O allows remote attackers to cause a ...
CVE-2016-4864H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remo ...
CVE-2016-4817lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 ...
CVE-2016-1133CRLF injection vulnerability in the on_req function in lib/handler/red ...
CVE-2015-5638Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before ...

Security announcements

DSA / DLADescription
DLA-3638-1h2o - security update
DSA-4508-1h2o - security update

Search for package or bug name: Reporting problems