Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-57804

Опубликовано: 25 авг. 2025
Источник: ubuntu
Приоритет: medium
EPSS Низкий

Описание

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.

РелизСтатусПримечание
devel

needs-triage

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

jammy

needs-triage

noble

needs-triage

plucky

needs-triage

upstream

released

4.3.0

Показывать по

Ссылки на источники

EPSS

Процентиль: 20%
0.00062
Низкий

Связанные уязвимости

redhat логотип

CVE-2025-57804

CVSS3: 5.3
redhat
12 дней назад

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.

nvd логотип

CVE-2025-57804

nvd
12 дней назад

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.

debian логотип

CVE-2025-57804

debian
12 дней назад

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior t ...

github логотип

GHSA-847f-9342-265h

github
12 дней назад

h2 allows HTTP Request Smuggling due to illegal characters in headers

EPSS

Процентиль: 20%
0.00062
Низкий