{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-55213","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-06-16T16:16:32.627Z","datePublished":"2026-07-10T20:49:58.764Z","dateUpdated":"2026-07-10T20:49:58.764Z"},"containers":{"cna":{"title":"h2o: musl libc stack overflow (QPACK)","problemTypes":[{"descriptions":[{"cweId":"CWE-789","lang":"en","description":"CWE-789: Memory Allocation with Excessive Size Value","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"references":[{"name":"https://github.com/h2o/h2o/security/advisories/GHSA-432c-8xmj-frmq","tags":["x_refsource_CONFIRM"],"url":"https://github.com/h2o/h2o/security/advisories/GHSA-432c-8xmj-frmq"},{"name":"https://github.com/h2o/h2o/commit/edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1","tags":["x_refsource_MISC"],"url":"https://github.com/h2o/h2o/commit/edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1"}],"affected":[{"vendor":"h2o","product":"h2o","versions":[{"version":"< edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-07-10T20:49:58.764Z"},"descriptions":[{"lang":"en","value":"h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling alloca, which exceeds the default pthread stack size used by musl libc and causes the h2o server to crash with a segmentation fault while touching the guard page. This issue is fixed in commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1."}],"source":{"advisory":"GHSA-432c-8xmj-frmq","discovery":"UNKNOWN"}}}}