Description
h2 is a pure-Python implementation of an HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names and values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.
An input validation flaw was found in python-hyper/h2 that allows carriage return and line feed (CRLF) characters to be injected into HTTP/2 header fields. When requests are downgraded from HTTP/2 to HTTP/1.1, the library fails to enforce proper header validation, which may lead to incorrect parsing of request boundaries by downstream components.
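Added example (not code from h2, Istio or Red Hat) of the validation an HTTP/2-to-HTTP/1.1 downgrade path has to apply before it re-serializes header fields, so that a CR or LF in a name or value can never terminate a line; the function names and the sample header values are constructed for illustration.

```python
"""Constructed example of header validation before an HTTP/2 -> HTTP/1.1
downgrade.  Not h2's own code; function names are hypothetical."""
import re

# RFC 9110 token characters; HTTP/2 additionally requires lowercase names.
_TOKEN_RE = re.compile(rb"[!#$%&'*+\-.^_`|~0-9a-z]+")
# Field values must not contain NUL, LF or CR (RFC 9113, section 8.2.1).
_FORBIDDEN_VALUE_BYTES = {0x00, 0x0A, 0x0D}


class InvalidHeader(ValueError):
    """Raised for a header that could alter HTTP/1.1 message framing."""


def validate_header(name: bytes, value: bytes) -> None:
    """Reject names and values that would break HTTP/1.1 line framing.

    fullmatch is used deliberately: match() with a '$' anchor would still
    accept a name that ends in a trailing LF.
    """
    if not _TOKEN_RE.fullmatch(name):
        raise InvalidHeader(f"illegal header name: {name!r}")
    if any(b in _FORBIDDEN_VALUE_BYTES for b in value):
        raise InvalidHeader(f"CR, LF or NUL in value of {name!r}")
    if value != value.strip(b" \t"):
        raise InvalidHeader(f"leading/trailing whitespace in {name!r}")


def header_is_safe(name: bytes, value: bytes) -> bool:
    """Boolean form of validate_header, for filters and tests."""
    try:
        validate_header(name, value)
    except InvalidHeader:
        return False
    return True


def downgrade_to_http1(method: bytes, path: bytes,
                       headers: list[tuple[bytes, bytes]]) -> bytes:
    """Serialize an HTTP/2 header block as exactly one HTTP/1.1 request head.

    ':authority' becomes Host, other pseudo-headers are dropped (the caller
    supplies method and path), and every regular field is validated first,
    so the output always holds one request line and one terminating CRLF CRLF.
    """
    host = b""
    fields = []
    for name, value in headers:
        if name.startswith(b":"):
            if name == b":authority":
                validate_header(b"host", value)
                host = value
            continue
        validate_header(name, value)
        fields.append(name + b": " + value)
    request_line = method + b" " + path + b" HTTP/1.1"
    return b"\r\n".join([request_line, b"host: " + host, *fields]) + b"\r\n\r\n"
```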
Statement
This issue is classified as Moderate rather than Important because its impact is constrained to integrity violations through request injection, without directly compromising confidentiality or availability. The flaw arises only in environments where HTTP/2 traffic is downgraded to HTTP/1.1 by intermediaries, which is not the default behavior in many deployments. Successful exploitation requires specific backend or proxy configurations that fail to sanitize CRLF sequences properly. As a result, the vulnerability does not universally expose systems to privilege escalation or data leakage but instead enables request manipulation under certain conditions.
Mitigation
Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.
Affected packages
Platform | Package | State | Advisory | Release
---|---|---|---|---
OpenShift Service Mesh 3 | openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9 | Fix deferred | |
OpenShift Service Mesh 3 | openshift-service-mesh/istio-cni-rhel9 | Fix deferred | |
OpenShift Service Mesh 3 | openshift-service-mesh/istio-must-gather-rhel9 | Fix deferred | |
OpenShift Service Mesh 3 | openshift-service-mesh/istio-pilot-rhel9 | Fix deferred | |
OpenShift Service Mesh 3 | openshift-service-mesh/istio-proxyv2-rhel9 | Fix deferred | |
OpenShift Service Mesh 3 | openshift-service-mesh/istio-rhel9-operator | Fix deferred | |
OpenShift Service Mesh 3 | openshift-service-mesh/istio-sail-operator-bundle | Fix deferred | |
OpenShift Service Mesh 3 | openshift-service-mesh-tech-preview/istio-ztunnel-rhel9 | Fix deferred | |
Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-supported-rhel9 | Fix deferred | |
Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/ee-cloud-services-rhel9 | Fix deferred | |
Additional information
CVSS3 base score: 5.3 Medium
Related vulnerabilities
h2 allows HTTP Request Smuggling due to illegal characters in headers (CVSS3 base score: 5.3 Medium)