Fastly patches memory leak HTTP/3 vulnerability in H2O HTTP server project

02-Feb-22

Independent security researcher Emil Lerner said the problem impacted the Fastly cloud computing service and allowed attackers to grab “random requests and responses from uninitialized memory of its’ nodes” in a technical write-up published on January 31.

The bug, according to Lerner, has to do with how HTTP/3 is implemented on the server side. HTTP/3 is a next-generation web protocol that makes use of QUIC (a Google-developed protocol) with UDP space congestion control.

Read More…