CVE-2024-7765
Published 2025-03-20
Priority P3 38 high 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.72% (49.2th percentile)
In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling of highly compressed data, leading to significant data amplification.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| h2o | h2o | — | — |
| h2o | h2o | 3.32.1.2 – 3.46.0.2 | — |
| h2oai | h2oai_h2o-3 | unspecified – latest | — |
CVSS provenance
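| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |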
OSV
H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing
osv·2025-03-20
CVE-2024-7765 [HIGH] H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing
GHSA
H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing
ghsa·2025-03-20
CVE-2024-7765 [HIGH] CWE-409 H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-03-20