FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

h2o -- HTTP/2 Rapid Reset attack vulnerability

Affected packages
h2o <= 2.2.6
h2o-devel < 2.3.0.d.20231010


VuXML ID bf545001-b96d-42e4-9d2e-60fdee204a43
Discovery 2023-10-10
Entry 2023-10-10

Kazuo Okuhu reports:

H2O is vulnerable to the HTTP/2 Rapid Reset attack. An attacker might be able to consume more than adequate amount of processing power of h2o and the backend servers by mounting the attack.


CVE Name CVE-2023-44487