Project

General

Profile

Actions

Security #7658

closed

http2: global tx (stream id 0) may open file and never close it

Added by Philippe Antoine 4 months ago. Updated 11 days ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Label:
Git IDs:

1d6d331752e933c46aca0ae7a9679b27462246e3

Severity:
HIGH
Disclosure Date:
07/26/2025

Description

Per RFC 9113 section 5.1.1

the stream identifier of zero cannot be used to establish a new stream

So, we should not accept DATA frame with a stream id 0

Somes from oss-fuzz https://issues.oss-fuzz.com/u/1/issues/42534790


Subtasks 1 (0 open1 closed)

Security #7659: http2: global tx (stream id 0) may open file and never close it (7.0.x backport)ClosedPhilippe AntoineActions
Actions #1

Updated by Philippe Antoine 4 months ago

Or section 6.1

If a DATA frame is received whose Stream Identifier field is 0x00, the recipient MUST respond with a connection error (Section 5.4.1) of type PROTOCOL_ERROR

Actions #2

Updated by Philippe Antoine 4 months ago

  • Status changed from New to In Review

Gitlab MR

Actions #3

Updated by OISF Ticketbot 4 months ago

  • Subtask #7659 added
Actions #4

Updated by OISF Ticketbot 4 months ago

  • Label deleted (Needs backport to 7.0)
Actions #5

Updated by Philippe Antoine 3 months ago

  • Tracker changed from Bug to Security
  • Severity set to MODERATE
  • Disclosure Date set to 07/26/2024
Actions #6

Updated by Philippe Antoine 3 months ago

  • Disclosure Date changed from 07/26/2024 to 07/26/2025
Actions #7

Updated by Philippe Antoine about 2 months ago

  • Target version changed from 8.0.0-rc1 to 8.0.0

No security fix in rc1

Actions #8

Updated by Victor Julien about 2 months ago

  • Severity changed from MODERATE to HIGH
Actions #9

Updated by Victor Julien 26 days ago

  • Status changed from In Review to Resolved
Actions #11

Updated by Philippe Antoine 24 days ago

  • Status changed from Resolved to Closed

Fixed by commit 1d6d331752e933c46aca0ae7a9679b27462246e3

Actions #12

Updated by Jason Ish 11 days ago

  • Private changed from Yes to No
  • Git IDs updated (diff)
Actions

Also available in: Atom PDF