Security Advisory

CVE-2024-10549

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:11:32

Last updated 2025-10-15 12:49:27

Assigner @huntr_ai

State PUBLISHED

Description

A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an attacker can exhaust all available threads, leading to a complete denial of service.

← Browse all CVEs View on cve.org ↗