Cyber Resilience

CVE-2024-10550

HighPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
14 July 2025
KEV Added
Patch
CVSS Score v3 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0034 57.5th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-10550 is a high-severity Inefficient Regular Expression Complexity (CWE-1333) vulnerability in H2O H2O. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 42.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Machine Learning Libraries; in the Data-Related Vulnerabilities risk domain.

EU & UK References

Vulnerability details

A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular…

more

expression complexity, leading to the exhaustion of server resources and making the server unresponsive.

CWE(s)

AI Security AnalysisAI

AI Category
Machine Learning Libraries
Risk Domain
Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: h2o

Related Threats

Affected Assets

h2o
h2o
3.46.0.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References