Security #7658: http2: global tx (stream id 0) may open file and never close it - Suricata - Open Information Security Foundation

Actions

Copy link

Security #7658

closed

PA PA

http2: global tx (stream id 0) may open file and never close it

Security #7658: http2: global tx (stream id 0) may open file and never close it

Added by Philippe Antoine about 1 year ago. Updated 10 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

8.0.0

Affected Versions:

Label:

CVE:

2025-53538

Git IDs:

1d6d331752e933c46aca0ae7a9679b27462246e3

Severity:

HIGH

Disclosure Date:

07/26/2025

GHSA:

Description

Per RFC 9113 section 5.1.1

the stream identifier of zero cannot be used to establish a new stream

So, we should not accept DATA frame with a stream id 0

Somes from oss-fuzz https://issues.oss-fuzz.com/u/1/issues/42534790

Subtasks 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Security #7658

http2: global tx (stream id 0) may open file and never close it

PA Updated by Philippe Antoine about 1 year ago Actions
Copy link
#1

PA Updated by Philippe Antoine about 1 year ago Actions
Copy link
#2

OT Updated by OISF Ticketbot about 1 year ago Actions
Copy link
#3

OT Updated by OISF Ticketbot about 1 year ago Actions
Copy link
#4

PA Updated by Philippe Antoine about 1 year ago Actions
Copy link
#5

PA Updated by Philippe Antoine about 1 year ago Actions
Copy link
#6

PA Updated by Philippe Antoine 12 months ago Actions
Copy link
#7

VJ Updated by Victor Julien 12 months ago Actions
Copy link
#8

VJ Updated by Victor Julien 11 months ago Actions
Copy link
#9

JF Updated by Juliana Fajardini Reichow 11 months ago Actions
Copy link
#10

PA Updated by Philippe Antoine 11 months ago Actions
Copy link
#11

JI Updated by Jason Ish 10 months ago Actions
Copy link
#12

Project

General

Profile

Suricata

Custom queries

Security #7658

http2: global tx (stream id 0) may open file and never close it

PA Updated by Philippe Antoine about 1 year ago ActionsCopy link #1

PA Updated by Philippe Antoine about 1 year ago ActionsCopy link #2

OT Updated by OISF Ticketbot about 1 year ago ActionsCopy link #3

OT Updated by OISF Ticketbot about 1 year ago ActionsCopy link #4

PA Updated by Philippe Antoine about 1 year ago ActionsCopy link #5

PA Updated by Philippe Antoine about 1 year ago ActionsCopy link #6

PA Updated by Philippe Antoine 12 months ago ActionsCopy link #7

VJ Updated by Victor Julien 12 months ago ActionsCopy link #8

VJ Updated by Victor Julien 11 months ago ActionsCopy link #9

JF Updated by Juliana Fajardini Reichow 11 months ago ActionsCopy link #10

PA Updated by Philippe Antoine 11 months ago ActionsCopy link #11

JI Updated by Jason Ish 10 months ago ActionsCopy link #12

PA Updated by Philippe Antoine about 1 year ago Actions
Copy link
#1

PA Updated by Philippe Antoine about 1 year ago Actions
Copy link
#2

OT Updated by OISF Ticketbot about 1 year ago Actions
Copy link
#3

OT Updated by OISF Ticketbot about 1 year ago Actions
Copy link
#4

PA Updated by Philippe Antoine about 1 year ago Actions
Copy link
#5

PA Updated by Philippe Antoine about 1 year ago Actions
Copy link
#6

PA Updated by Philippe Antoine 12 months ago Actions
Copy link
#7

VJ Updated by Victor Julien 12 months ago Actions
Copy link
#8

VJ Updated by Victor Julien 11 months ago Actions
Copy link
#9

JF Updated by Juliana Fajardini Reichow 11 months ago Actions
Copy link
#10

PA Updated by Philippe Antoine 11 months ago Actions
Copy link
#11

JI Updated by Jason Ish 10 months ago Actions
Copy link
#12