CVE-2023-30847

HIGH Year: 2023
CVSS v3 Score
8.2
High
Weakness Type
CWE-824
View all →

Vulnerability Description

H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP servers. Pull request number 3229 fixes the issue. The pull request has been merged to the `master` branch in commit f010336. Users should upgrade to commit f010336 or later.

Related Vulnerabilities

CVE-2020-12300

HIGH
CVSS:8.2(High)

Uninitialized pointer in BIOS firmware for Intel(R) Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged user to potentially enable escalation of privilege via local acc...

CWE-8242020

CVE-2022-31599

HIGH
CVSS:8.2(High)

NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of...

CWE-8242022

CVE-2018-16522

HIGH
CVSS:8.1(High)

Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt.

CWE-8242018

CVE-2022-23636

HIGH
CVSS:8.1(High)

Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiat...

CWE-8242022

CVE-2017-9670

HIGH
CVSS:7.8(High)

An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have...

CWE-8242017

CVE-2019-13527

HIGH
CVSS:7.8(High)

In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that ha...

CWE-8242019