UBUNTU-CVE-2023-30847

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-30847

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-30847.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-30847

Published

2023-04-27T15:15:00Z

Modified

2025-07-14T06:35:19.014546Z

Upstream

CVE-2023-30847

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVSS Calculator
8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVSS Calculator
- medium

Summary

[none]

Details

H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP servers. Pull request number 3229 fixes the issue. The pull request has been merged to the master branch in commit f010336. Users should upgrade to commit f010336 or later.

References

Affected packages

Ubuntu:Pro:18.04:LTS / h2o

Package

Name: h2o
Purl: pkg:deb/ubuntu/h2o@2.2.4+dfsg-1ubuntu0.1~esm2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.3+dfsg-2

2.2.4+dfsg-1

2.2.4+dfsg-1build1

2.2.4+dfsg-1ubuntu0.1~esm2

Ubuntu:Pro:20.04:LTS / h2o

Package

Name: h2o
Purl: pkg:deb/ubuntu/h2o@2.2.5+dfsg2-3build1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.5+dfsg2-3

2.2.5+dfsg2-3build1

Ubuntu:22.04:LTS / h2o

Package

Name: h2o
Purl: pkg:deb/ubuntu/h2o@2.2.5+dfsg2-6.1ubuntu2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.5+dfsg2-6

2.2.5+dfsg2-6.1

2.2.5+dfsg2-6.1ubuntu1

2.2.5+dfsg2-6.1ubuntu2

Ubuntu:24.04:LTS / h2o

Package

Name: h2o
Purl: pkg:deb/ubuntu/h2o@2.2.5+dfsg2-8.1ubuntu3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.5+dfsg2-7

2.2.5+dfsg2-8

2.2.5+dfsg2-8.1ubuntu1

2.2.5+dfsg2-8.1ubuntu2

2.2.5+dfsg2-8.1ubuntu3

Ubuntu:25.04 / h2o

Package

Name: h2o
Purl: pkg:deb/ubuntu/h2o@2.2.5+dfsg2-11?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.5+dfsg2-8.1ubuntu3

2.2.5+dfsg2-11~build

2.2.5+dfsg2-11