Duplicate Advisory: Integer Overflow in HeaderMap::reserve() can cause Denial of Service
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-x7vr-c387-8w57. This link is maintained to preserve external references.
Original Description
HeaderMap::reserve() used usize::next_power_of_two() to calculate the increased capacity. However, next_power_of_two() silently overflows to 0 if given a sufficiently large number in release mode.
If the map was not empty when the overflow happens, the library will invoke self.grow(0) and start infinite probing. This allows an attacker who controls the argument to reserve() to cause a potential denial of service (DoS).
The flaw was corrected in the 0.1.20 release of the http crate.
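The description above turns on one arithmetic detail: in a release build `usize::next_power_of_two()` wraps to 0 instead of panicking when the next power of two does not fit, and a capacity of 0 is what the table code then tries to grow to. The following Rust snippet is an added illustration, not code from the http crate or from this advisory. It reproduces the documented release-mode wrap (spelled out with wrapping operations so the overflow is observable even in a debug build), shows the unchecked capacity calculation beside a checked one built on `checked_add` and `checked_next_power_of_two`, and wraps the checked form in a toy table whose `reserve` rejects an overflowing request. `HeaderTable`, `checked_capacity`, `unchecked_capacity`, `release_mode_next_power_of_two` and `CapacityOverflow` are names chosen for this example and are not part of the crate's API.

```rust
// Added example: toy capacity bookkeeping for a hash-indexed table, mirroring
// the shape of the flaw described above and of a checked alternative.
// Nothing here is code from the http crate; all names are hypothetical.

/// Reproduces the documented release-mode semantics of
/// `usize::next_power_of_two`: the result wraps to 0 when the next power of
/// two does not fit in a usize. The standard library panics on that case in
/// debug builds, so the arithmetic is written with wrapping operations here
/// to make the overflow observable in any build.
pub fn release_mode_next_power_of_two(n: usize) -> usize {
    if n <= 1 {
        return 1;
    }
    // All-ones mask below the highest set bit of (n - 1), then add one.
    // For n > usize::MAX / 2 + 1 the mask is usize::MAX and the add wraps to 0.
    let one_less = usize::MAX >> (n - 1).leading_zeros();
    one_less.wrapping_add(1)
}

/// Vulnerable shape: unchecked addition, then round up to a power of two.
/// A large `additional` makes this return 0, which the advisory text explains
/// becomes grow(0) followed by endless probing.
pub fn unchecked_capacity(len: usize, additional: usize) -> usize {
    release_mode_next_power_of_two(len.wrapping_add(additional))
}

/// Hardened shape: every step that can overflow is checked, so the caller
/// receives `None` instead of a capacity of 0.
pub fn checked_capacity(len: usize, additional: usize) -> Option<usize> {
    len.checked_add(additional)?.checked_next_power_of_two()
}

#[derive(Debug, PartialEq, Eq)]
pub struct CapacityOverflow;

/// Minimal stand-in for a hash-indexed table: only the bookkeeping needed
/// to show how `reserve` should react to an overflowing request.
pub struct HeaderTable {
    len: usize,
    capacity: usize, // index slots; 0 until the first reserve, then a power of two
}

impl HeaderTable {
    pub fn new() -> Self {
        HeaderTable { len: 0, capacity: 0 }
    }

    pub fn capacity(&self) -> usize {
        self.capacity
    }

    /// `additional` is treated as untrusted input: an overflowing request is
    /// reported to the caller rather than silently producing a zero-sized index.
    pub fn reserve(&mut self, additional: usize) -> Result<(), CapacityOverflow> {
        let needed = checked_capacity(self.len, additional).ok_or(CapacityOverflow)?;
        debug_assert!(needed >= 1); // checked_capacity can never yield 0
        if needed > self.capacity {
            self.capacity = needed; // grow the index to the new power of two
        }
        Ok(())
    }
}

fn main() {
    // Smallest value whose next power of two no longer fits in a usize.
    let huge = usize::MAX / 2 + 2;
    println!("release-mode next_power_of_two({huge}) = {}", release_mode_next_power_of_two(huge));
    println!("unchecked_capacity(1, {huge}) = {}", unchecked_capacity(1, huge));
    println!("checked_capacity(1, {huge}) = {:?}", checked_capacity(1, huge));

    let mut table = HeaderTable::new();
    table.reserve(10).unwrap();
    println!("capacity after reserve(10): {}", table.capacity());
    println!("reserve(usize::MAX) -> {:?}", table.reserve(usize::MAX));
}
```

The design point is that the overflow is caught before any growth happens: `checked_capacity` can only return a power of two of at least 1 or `None`, so the table never sees a request to grow to 0, and the caller decides what an over-large request means (here, an error; a panic with a clear message is the other common choice).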
Permalink: https://github.com/advisories/GHSA-xvc9-xwgj-4cq9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14dmM5LXh3Z2otNGNxOc4AArqo
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 5 months ago
Withdrawn: 5 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-xvc9-xwgj-4cq9, CVE-2019-25008
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-25008
- https://github.com/hyperium/http/issues/352
- https://rustsec.org/advisories/RUSTSEC-2019-0033.html
- https://github.com/advisories/GHSA-xvc9-xwgj-4cq9
Blast Radius: 34.7
Affected Packages
cargo:http
Dependent packages: 3,729
Dependent repositories: 42,695
Downloads: 163,499,302 total
Affected Version Ranges: < 0.1.20
Fixed in: 0.1.20
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.1.10, 0.1.11, 0.1.12, 0.1.13, 0.1.14, 0.1.15, 0.1.16, 0.1.17, 0.1.18, 0.1.19
All unaffected versions: 0.1.20, 0.1.21, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.2.10, 0.2.11, 0.2.12, 1.0.0, 1.1.0