FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

h2o -- multiple HTTP/2 vulnerabilities

Affected packages
h2o < 2.2.6


VuXML ID 73b1e734-c74e-11e9-8052-0028f8d09152
Discovery 2019-08-13
Entry 2019-08-25

Jonathon Loomey of Netflix reports:

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Recently, a series of DoS attack vulnerabilities have been reported on a broad range of HTTP/2 stacks. Among the vulnerabilities, H2O is exposed to the following:


CVE Name CVE-2019-9512
CVE Name CVE-2019-9514
CVE Name CVE-2019-9515