Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-57804

Опубликовано: 25 авг. 2025
Источник: ubuntu
Приоритет: medium
EPSS Низкий

Описание

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.

РелизСтатусПримечание
devel

needs-triage

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

jammy

needs-triage

noble

needs-triage

plucky

needs-triage

questing

needs-triage

upstream

released

4.3.0

Показывать по

Ссылки на источники

EPSS

Процентиль: 25%
0.00083
Низкий

Связанные уязвимости

redhat логотип

CVE-2025-57804

CVSS3: 5.3
redhat
4 месяца назад

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.

nvd логотип

CVE-2025-57804

nvd
4 месяца назад

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.

debian логотип

CVE-2025-57804

debian
4 месяца назад

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior t ...

suse-cvrf логотип

SUSE-SU-2025:03273-1

suse-cvrf
3 месяца назад

Security update for python-h2

suse-cvrf логотип

SUSE-SU-2025:03199-1

suse-cvrf
3 месяца назад

Security update for python-h2

EPSS

Процентиль: 25%
0.00083
Низкий