CVE-2016-7835

NONE EPSS 80.2%
Published Jun 9, 20179y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jun 9, 2017 9y ago
Last Modified Jun 17, 2026 2w ago

Description

Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.

Threat Intelligence

EPSS Exploit Probability
80.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 2

VendorProductVersionRange
denah2o* ≤2.0.4
h2o_projecth2o2.1.0any

References 3

  • securityfocus.com http://www.securityfocus.com/bid/95061
    Third Party AdvisoryVDB Entry
  • github.com https://github.com/h2o/h2o/issues/1144
    PatchThird Party Advisory
  • jvn.jp https://jvn.jp/en/jp/JVN44566208/index.html
    Third Party AdvisoryVDB Entry

Remediation

  • github.com https://github.com/h2o/h2o/issues/1144
    PatchThird Party Advisory