Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Network-reachable and unauthenticated (AV:N/PR:N/UI:N) but only crashes musl-libc builds with HTTP/3 enabled, a deployment-specific precondition (AC:H); availability-only impact (A:H), no C/I.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling alloca, which exceeds the default pthread stack size used by musl libc and causes the h2o server to crash with a segmentation fault while touching the guard page. This issue is fixed in commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1.
AnalysisAI
Remote unauthenticated denial of service in the h2o HTTP server (all versions prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1) allows an attacker to crash the server by sending a crafted QPACK instruction over HTTP/3. The flaw causes lib/http3/qpack.c to allocate an ~800 KB on-stack buffer via alloca, overflowing the default musl libc pthread stack and segfaulting on the guard page. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target h2o server (1) has HTTP/3 enabled and reachable (QUIC over UDP, typically port 443) and (2) is built against musl libc, whose small default pthread stack (well under 800 KB) is what the alloca overruns - glibc builds with their much larger default stacks are generally not affected. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The published CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H = 7.5 High) reflects a network-reachable, unauthenticated availability-only impact, which is consistent with the description. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach a musl-libc h2o instance over HTTP/3 opens a QUIC connection and sends a crafted QPACK encoder/decoder instruction whose length drives an ~800 KB alloca in qpack.c. The oversized stack allocation runs past musl's small default thread stack into the guard page, and the worker process crashes with a segmentation fault, dropping in-flight connections. … |
| Remediation | Upstream fix available (PR/commit); released patched version not independently confirmed - update h2o to a build that includes commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1 (see the advisory at https://github.com/h2o/h2o/security/advisories/GHSA-432c-8xmj-frmq and the commit at https://github.com/h2o/h2o/commit/edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all h2o deployments and assess HTTP/3 exposure (check if HTTP/3 is enabled in production). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitra
A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46.0.8, allowing attackers to read arbitrary system
An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import f
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file r
In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` endpoint allows for arbitrary file overwrite on the target s
External Control of File Name or Path in h2oai/h2o-3. Rated high severity (CVSS 8.2), this vulnerability is remotely exp
In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cau
A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) att
A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack.
A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of s
In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` p
A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. Rated high sever
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43036