{"schema_version":"1.7.2","id":"OESA-2025-2250","modified":"2025-09-12T14:24:48Z","published":"2025-09-12T14:24:48Z","upstream":["CVE-2025-57804"],"summary":"python-h2 security update","details":"This repository contains a pure-Python implementation of an HTTP/2 protocol stack. It is written from the ground up to be embeddable in whatever program you choose to use, ensuring that you can speak HTTP/2 regardless of your programming paradigm.\r\n\r\nSecurity Fix(es):\n\nA vulnerability was found in python-hyper h2 up to 4.2.x (Programming Language Software) and classified as problematic. Using CWE to declare the problem leads to CWE-93. The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs. Impacted is integrity. Upgrading to version 4.3.0 eliminates this vulnerability. Applying the patch 035e9899f95e3709af098f578bfc3cd302298e3a is able to eliminate this problem. The bugfix is ready for download at github.com. 
The best possible mitigation is suggested to be upgrading to the latest version. (CVE-2025-57804)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"python-h2","purl":"pkg:rpm/openEuler/python-h2&distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.0-3.oe2403sp2"}]}],"ecosystem_specific":{"noarch":["python-h2-help-4.1.0-3.oe2403.noarch.rpm","python3-h2-4.1.0-3.oe2403.noarch.rpm","python-h2-help-4.1.0-3.oe2403sp1.noarch.rpm","python3-h2-4.1.0-3.oe2403sp1.noarch.rpm","python-h2-help-4.1.0-3.oe2403sp2.noarch.rpm","python3-h2-4.1.0-3.oe2403sp2.noarch.rpm"],"src":["python-h2-4.1.0-3.oe2403.src.rpm","python-h2-4.1.0-3.oe2403sp1.src.rpm","python-h2-4.1.0-3.oe2403sp2.src.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"python-h2","purl":"pkg:rpm/openEuler/python-h2&distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.0-3.oe2403sp1"}]}],"ecosystem_specific":{"noarch":["python-h2-help-4.1.0-3.oe2403sp1.noarch.rpm","python3-h2-4.1.0-3.oe2403sp1.noarch.rpm"],"src":["python-h2-4.1.0-3.oe2403sp1.src.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP2","name":"python-h2","purl":"pkg:rpm/openEuler/python-h2&distro=openEuler-24.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.0-3.oe2403sp2"}]}],"ecosystem_specific":{"noarch":["python-h2-help-4.1.0-3.oe2403sp2.noarch.rpm","python3-h2-4.1.0-3.oe2403sp2.noarch.rpm"],"src":["python-h2-4.1.0-3.oe2403sp2.src.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"python-h2","purl":"pkg:rpm/openEuler/python-h2&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.0-2.oe2003sp4"}]}],"ecosystem_specific":{"noarch":["python-h2-help-4.0.0-2.oe2003sp4.noarch.rpm","python3-h2-4.0.0-2.oe2003sp4.noarch.rpm"],"src":["python-h2-4.0.0-2.oe2003sp4.src.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP3","name":"python-h2","purl":"pkg:rpm/openEuler/python-h2&distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.0-3.oe2203sp3"}]}],"ecosystem_specific":{"noarch":["python-h2-help-4.0.0-3.oe2203sp3.noarch.rpm","python3-h2-4.0.0-3.oe2203sp3.noarch.rpm"],"src":["python-h2-4.0.0-3.oe2203sp3.src.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"python-h2","purl":"pkg:rpm/openEuler/python-h2&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.0-3.oe2203sp4"}]}],"ecosystem_specific":{"noarch":["python-h2-help-4.0.0-3.oe2203sp4.noarch.rpm","python3-h2-4.0.0-3.oe2203sp4.noarch.rpm"],"src":["python-h2-4.0.0-3.oe2203sp4.src.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2250"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57804"}],"database_specific":{"severity":"Medium"}}
