OSV-2021-907

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/h2o/OSV-2021-907.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-907
Published
2021-07-01T00:00:08.550315Z
Modified
2022-04-13T03:04:35.146504Z
Summary
Heap-buffer-overflow in decode_header_value_literal
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35675

Crash type: Heap-buffer-overflow READ 1
Crash state:
decode_header_value_literal
decode_header
h2o_hpack_parse_request
References

Affected packages

OSS-Fuzz / h2o

Package

Name
h2o
Purl
pkg:generic/h2o

Affected ranges

Type
GIT
Repo
https://github.com/h2o/h2o
Events
Introduced
456db08747ce01ab548e3da67da90a4d9da7286e
Fixed
1785a2fe97eda2de3d065147a0a4e5b509f0e3c0

Ecosystem specific 

{
    "severity": "MEDIUM"
}