OESA-2025-2250
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2250
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-2250.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2025-2250
- Upstream
- Published
- 2025-09-12T14:24:48Z
- Modified
- 2025-09-12T19:01:05.290613Z
- Summary
- python-h2 security update
- Details
-
This repository contains a pure-Python implementation of a HTTP/2 protocol stack. It is written from the ground up to be embeddable in whatever program you choose to use, ensuring that you can speak HTTP/2 regardless of your programming paradigm.
Security Fix(es):
A vulnerability was found in python-hyper h2 up to 4.2.x (Programming Language Software) and classified as problematic.Using CWE to declare the problem leads to CWE-93. The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.Impacted is integrity.Upgrading to version 4.3.0 eliminates this vulnerability. Applying the patch 035e9899f95e3709af098f578bfc3cd302298e3a is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.(CVE-2025-57804)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:20.03-LTS-SP4
python-h2
Package
- Name
- python-h2
- Purl
- pkg:rpm/openEuler/python-h2&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.0-2.oe2003sp4
openEuler:22.03-LTS-SP3
python-h2
Package
- Name
- python-h2
- Purl
- pkg:rpm/openEuler/python-h2&distro=openEuler-22.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.0-3.oe2203sp3
openEuler:22.03-LTS-SP4
python-h2
Package
- Name
- python-h2
- Purl
- pkg:rpm/openEuler/python-h2&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.0-3.oe2203sp4
openEuler:24.03-LTS
python-h2
Package
- Name
- python-h2
- Purl
- pkg:rpm/openEuler/python-h2&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.1.0-3.oe2403sp2
Ecosystem specific
{
"noarch": [
"python-h2-help-4.1.0-3.oe2403.noarch.rpm",
"python3-h2-4.1.0-3.oe2403.noarch.rpm",
"python-h2-help-4.1.0-3.oe2403sp1.noarch.rpm",
"python3-h2-4.1.0-3.oe2403sp1.noarch.rpm",
"python-h2-help-4.1.0-3.oe2403sp2.noarch.rpm",
"python3-h2-4.1.0-3.oe2403sp2.noarch.rpm"
],
"src": [
"python-h2-4.1.0-3.oe2403.src.rpm",
"python-h2-4.1.0-3.oe2403sp1.src.rpm",
"python-h2-4.1.0-3.oe2403sp2.src.rpm"
]
}openEuler:24.03-LTS-SP1
python-h2
Package
- Name
- python-h2
- Purl
- pkg:rpm/openEuler/python-h2&distro=openEuler-24.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.1.0-3.oe2403sp1
openEuler:24.03-LTS-SP2
python-h2
Package
- Name
- python-h2
- Purl
- pkg:rpm/openEuler/python-h2&distro=openEuler-24.03-LTS-SP2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.1.0-3.oe2403sp2