FreeBSD : h2o -- Use-after-free vulnerability (d0b12952-cb86-11e6-906f-0cc47a065786)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Kazuho Oku reports :

A use-after-free vulnerability exists in H2O up to and including
version 2.0.4 / 2.1.0-beta3 that can be used by a remote attacker to
mount DoS attacks and / or information theft.

See also :

https://github.com/h2o/h2o/releases/tag/v2.0.5
https://github.com/h2o/h2o/issues/1144
http://www.nessus.org/u?7ce75a80

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 96222 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now