CVE-2025-43859

Published: 24 Apr. 2025
Source: debian
EPSS: Low

Description

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| python-h11 | fixed | 0.14.0-1.1 | | package |
| python-h11 | fixed | 0.14.0-1.1~deb12u1 | bookworm | package |
| python-h11 | not-affected | | bullseye | package |

Notes

  • https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj

  • Introduced by: https://github.com/python-hyper/h11/commit/26ec787d44aacbff8fbc0fc1af7e3213dd993d46 (v0.14.0)

  • Fixed by: https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f (v0.16.0)

EPSS

Percentile: 13%
0.00044
Low

Related vulnerabilities

CVSS3: 9.1
ubuntu
about 2 months ago

CVSS3: 7.4
redhat
about 2 months ago

CVSS3: 9.1
nvd
about 2 months ago

suse-cvrf
about 2 months ago

Security update for python-h11

CVSS3: 9.1
github
about 2 months ago

h11 accepts some malformed Chunked-Encoding bodies
