Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3dnItYzM4Ny04dzU3
Integer Overflow/Infinite Loop in the http crate
HeaderMap::reserve() used usize::next_power_of_two() to calculate the increased capacity. However, next_power_of_two() silently overflows to 0 if given a sufficiently large number in release mode.
If the map was not empty when the overflow happens, the library will invoke self.grow(0) and start infinite probing. This allows an attacker who controls the argument to reserve() to cause a potential denial of service (DoS).
The flaw was corrected in 0.1.20 release of http crate.
Permalink: https://github.com/advisories/GHSA-x7vr-c387-8w57JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3dnItYzM4Ny04dzU3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 11 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-x7vr-c387-8w57, CVE-2020-25574
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-25574
- https://github.com/hyperium/http/issues/352
- https://rustsec.org/advisories/RUSTSEC-2019-0033.html
- https://github.com/advisories/GHSA-x7vr-c387-8w57
Blast Radius: 34.7
Affected Packages
cargo:http
Dependent packages: 2,968Dependent repositories: 42,695
Downloads: 142,168,106 total
Affected Version Ranges: < 0.1.20
Fixed in: 0.1.20
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.1.10, 0.1.11, 0.1.12, 0.1.13, 0.1.14, 0.1.15, 0.1.16, 0.1.17, 0.1.18, 0.1.19
All unaffected versions: 0.1.20, 0.1.21, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.2.10, 0.2.11, 0.2.12, 1.0.0, 1.1.0