UBUNTU-CVE-2023-30847

Source
https://ubuntu.com/security/CVE-2023-30847
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-30847.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-30847
Published
2023-04-27T15:15:00Z
Modified
2025-06-03T17:46:30Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Summary
[none]
Details

H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to process a certain type of invalid HTTP request, it tries to build an upstream URL by reading from an uninitialized pointer. This behavior can lead to crashes or to a leak of information to back-end HTTP servers. Pull request number 3229 fixes the issue. The pull request has been merged to the master branch in commit f010336. Users should upgrade to commit f010336 or later.

Affected packages

Ubuntu:Pro:18.04:LTS / h2o

Package

Name
h2o
Purl
pkg:deb/ubuntu/h2o@2.2.4+dfsg-1ubuntu0.1~esm2?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.2.3+dfsg-2
2.2.4+dfsg-1
2.2.4+dfsg-1build1
2.2.4+dfsg-1ubuntu0.1~esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / h2o

Package

Name
h2o
Purl
pkg:deb/ubuntu/h2o@2.2.5+dfsg2-3build1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.2.5+dfsg2-3
2.2.5+dfsg2-3build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / h2o

Package

Name
h2o
Purl
pkg:deb/ubuntu/h2o@2.2.5+dfsg2-6.1ubuntu2?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.2.5+dfsg2-6
2.2.5+dfsg2-6.1
2.2.5+dfsg2-6.1ubuntu1
2.2.5+dfsg2-6.1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / h2o

Package

Name
h2o
Purl
pkg:deb/ubuntu/h2o@2.2.5+dfsg2-8.1ubuntu3?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.2.5+dfsg2-8.1ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / h2o

Package

Name
h2o
Purl
pkg:deb/ubuntu/h2o@2.2.5+dfsg2-8.1ubuntu3?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.2.5+dfsg2-7
2.2.5+dfsg2-8
2.2.5+dfsg2-8.1ubuntu1
2.2.5+dfsg2-8.1ubuntu2
2.2.5+dfsg2-8.1ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / h2o

Package

Name
h2o
Purl
pkg:deb/ubuntu/h2o@2.2.5+dfsg2-11?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.2.5+dfsg2-8.1ubuntu3
2.2.5+dfsg2-11~build
2.2.5+dfsg2-11

Ecosystem specific

{
    "ubuntu_priority": "medium"
}