CVE-2025-53538
author Philippe Antoine <pantoine@oisf.net>
Tue, 15 Apr 2025 10:34:37 +0000 (12:34 +0200)
committer Andreas Dolp <dev@andreas-dolp.de>
Sat, 27 Sep 2025 19:43:45 +0000 (21:43 +0200)
commit 4c869b923239cc9cb63da0ff7c61f9c59840a9a6
tree 4954d9f5419dc90fd096e3fcbdf543163d257bd3
parent fd3efcb9094ce9522fb0ba0ebc6b6f694df61f6a

From 97eee2cadacf3423a1ebcdd1943a7a7917f5cc56 Mon Sep 17 00:00:00 2001
# Subject: [PATCH] http2: forbid data on stream 0

Ticket: 7658

Suricata will not handle it well if we open a file for this tx,
do not close it, but set the transaction state to completed.

RFC 9113 section 6.1 states:

If a DATA frame is received whose Stream Identifier field is 0x00,
the recipient MUST respond with a connection error (Section 5.4.1)
of type PROTOCOL_ERROR.

(cherry picked from commit 1d6d331752e933c46aca0ae7a9679b27462246e3)

Origin: upstream, https://github.com/OISF/suricata/commit/97eee2cadacf3423a1ebcdd1943a7a7917f5cc56.patch
Bug: https://redmine.openinfosecfoundation.org/issues/7659
Bug-Debian: https://bugs.debian.org/1109806
Subject: Upstream fix for CVE-2025-53538

Gbp-Pq: Name CVE-2025-53538.patch
rules/http2-events.rules
rust/src/http2/http2.rs
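
The RFC 9113 section 6.1 rule quoted in the commit message, as an added example (this is not code from the Suricata patch; the function names, struct and sample bytes are constructed for illustration). It parses the 9-octet HTTP/2 frame header and reports the offset of every DATA frame carried on stream 0, which is the condition a parser has to reject rather than treat as file data:

```rust
// Added example, not Suricata's parser; all names here are hypothetical.
const FRAME_HEADER_LEN: usize = 9;
const FRAME_TYPE_DATA: u8 = 0x0;

struct FrameHeader {
    length: usize,
    ftype: u8,
    stream_id: u32,
}

/// Parse the fixed frame header: 24-bit length, type, flags, R bit + 31-bit stream id.
fn parse_frame_header(buf: &[u8]) -> Option<FrameHeader> {
    if buf.len() < FRAME_HEADER_LEN { return None; }
    Some(FrameHeader {
        length: (buf[0] as usize) << 16 | (buf[1] as usize) << 8 | buf[2] as usize,
        ftype: buf[3], // buf[4] holds the flags, not needed for this check
        // The top bit is reserved and ignored on receipt, so mask it off.
        stream_id: u32::from_be_bytes([buf[5], buf[6], buf[7], buf[8]]) & 0x7fff_ffff,
    })
}

/// Walk back-to-back frames; return the byte offset of each DATA frame on stream 0.
fn data_on_stream_zero(mut buf: &[u8]) -> Vec<usize> {
    let mut hits = Vec::new();
    let mut offset = 0;
    while let Some(h) = parse_frame_header(buf) {
        // The header alone is enough to decide: flag before looking at the payload.
        if h.ftype == FRAME_TYPE_DATA && h.stream_id == 0 {
            hits.push(offset);
        }
        let total = FRAME_HEADER_LEN + h.length;
        if buf.len() < total { break; } // truncated payload: stop walking
        buf = &buf[total..];
        offset += total;
    }
    hits
}

// Constructed sample input (not captured traffic).
const SAMPLE: &[u8] = &[
    0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, // SETTINGS, stream 0: legal
    0x00, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, b'h', b'i', // DATA, stream 1: legal
    0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, b'x', // DATA, stream 0: PROTOCOL_ERROR
    0x00, 0x00, 0x00, 0x00, 0x01, 0x80, 0x00, 0x00, 0x00, // DATA, R bit set, stream 0: PROTOCOL_ERROR
];

fn main() { println!("{:?}", data_on_stream_zero(SAMPLE)); }
```

The last sample frame sets only the reserved bit; without the mask it would appear to be on stream 0x80000000 and slip past the check.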