Security #7658: http2: global tx (stream id 0) may open file and never close it - Suricata - Open Information Security Foundation

Actions

Copy link

Security #7658

closed

http2: global tx (stream id 0) may open file and never close it

Added by Philippe Antoine 4 months ago. Updated 11 days ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

8.0.0

Affected Versions:

Label:

CVE:

2025-53538

Git IDs:

1d6d331752e933c46aca0ae7a9679b27462246e3

Severity:

HIGH

Disclosure Date:

07/26/2025

Description

Per RFC 9113 section 5.1.1

the stream identifier of zero cannot be used to establish a new stream

So, we should not accept DATA frame with a stream id 0

Somes from oss-fuzz https://issues.oss-fuzz.com/u/1/issues/42534790

Subtasks 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #7658

http2: global tx (stream id 0) may open file and never close it

Updated by Philippe Antoine 4 months ago

Updated by Philippe Antoine 4 months ago

Updated by OISF Ticketbot 4 months ago

Updated by OISF Ticketbot 4 months ago

Updated by Philippe Antoine 3 months ago

Updated by Philippe Antoine 3 months ago

Updated by Philippe Antoine about 2 months ago

Updated by Victor Julien about 2 months ago

Updated by Victor Julien 27 days ago

Updated by Juliana Fajardini Reichow 27 days ago

Updated by Philippe Antoine 25 days ago

Updated by Jason Ish 11 days ago