RUSTSEC-2021-0079

Source
https://rustsec.org/advisories/RUSTSEC-2021-0079
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0079.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2021-0079
Aliases
Published
2021-07-07T12:00:00Z
Modified
2023-11-08T04:05:57.916759Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
Integer overflow in `hyper`'s parsing of the `Transfer-Encoding` header leads to data loss
Details

When decoding chunk sizes that are too large, hyper's code would encounter an integer overflow. Depending on the situation, this could lead to data loss from an incorrect total size, or in rarer cases, a request smuggling attack.

To be vulnerable, you must be using hyper for any HTTP/1 purpose, including as a client or server, and consumers must send requests or responses that specify a chunk size greater than 18 exabytes. For a possible request smuggling attack to be possible, any upstream proxies must accept a chunk size greater than 64 bits.

References

Affected packages

crates.io / hyper

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.14.10

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
    "informational": null,
    "categories": []
}