CVE-2016-4864

H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
denah2o
2.0.0 ≤
𝑥
≤ 2.0.3
denah2o
2.1.0
denah2o
2.1.0:beta1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
h2o
bullseye
2.2.5+dfsg2-6
fixed
bookworm
2.2.5+dfsg2-7
fixed
sid
2.2.5+dfsg2-9
fixed
trixie
2.2.5+dfsg2-9
fixed
Common Weakness Enumeration
References
https://github.com/h2o/h2o/issues/1077
https://jvn.jp/en/jp/JVN94779084/index.html
https://github.com/h2o/h2o/issues/1077
https://jvn.jp/en/jp/JVN94779084/index.html