Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-6w62-3jvj-mfj6

Опубликовано: 20 мар. 2025
Источник: github
Github: Прошло ревью
CVSS3: 7.5

Описание

H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling of highly compressed data, leading to significant data amplification.

Ссылки

Пакеты

Наименование

h2o

pip
Затронутые версииВерсия исправления

>= 3.32.1.2, <= 3.46.0.2

Отсутствует

Наименование

ai.h2o:h2o-core

maven
Затронутые версииВерсия исправления

>= 3.32.1.2, <= 3.46.0.2

Отсутствует

EPSS

Процентиль: 38%
0.00169
Низкий

7.5 High

CVSS3

CVE ID

CVE-2024-7765

Дефекты

CWE-409

Связанные уязвимости

nvd логотип

CVE-2024-7765

CVSS3: 7.5
nvd
11 месяцев назад

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling of highly compressed data, leading to significant data amplification.

EPSS

Процентиль: 38%
0.00169
Низкий

7.5 High

CVSS3

CVE ID

CVE-2024-7765

Дефекты

CWE-409