Description
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).
References (2)
Core References
Vendor Advisory x_refsource_misc
https://rustsec.org/advisories/RUSTSEC-2019-0033.html
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/hyperium/http/issues/352
Scores
CVSS v3
7.5
EPSS
0.0182
EPSS Percentile
83.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-190
CWE-835
Status
published
Products (2)
crates.io/http
0 - 0.1.20 (crates.io)
hyper/http
< 0.1.20
Published
Sep 14, 2020
Tracked Since
Feb 18, 2026