CVE-2016-7835
NONE EPSS 80.2%
Published Jun 9, 20179y ago · Modified Jun 17, 20262w ago
Published Jun 9, 2017 9y ago
Last Modified Jun 17, 2026 2w ago
Description
Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.
Threat Intelligence
EPSS Exploit Probability
80.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-416 Use After Free Memory Safety
Affected Products 2
| Vendor | Product | Version | Range |
|---|---|---|---|
| dena | h2o | * | ≤2.0.4 |
| h2o_project | h2o | 2.1.0 | any |
References 3
- securityfocus.com http://www.securityfocus.com/bid/95061
- github.com https://github.com/h2o/h2o/issues/1144
- jvn.jp https://jvn.jp/en/jp/JVN44566208/index.html
Remediation
- github.com https://github.com/h2o/h2o/issues/1144