VYPR

h2o

by Debian

CVEs (1)

  • CVE-2026-55213Jul 12, 2026
    risk 0.00cvss epss

    h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800…