Lucene search
GoogleOSV:GHSA-XVC9-XWGJ-4CQ9HistoryJun 16, 2022 - 11:08 p.m.
Integer Overflow in HeaderMap::reserve() can cause Denial of Service
2022-06-1623:08:02
Google
osv.dev
10
0.002 Low
EPSS
Percentile
64.3%
HeaderMap::reserve() used usize::next_power_of_two() to calculate the increased capacity. However, next_power_of_two() silently overflows to 0 if given a sufficiently large number in release mode.
If the map was not empty when the overflow happens, the library will invoke self.grow(0) and start infinite probing. This allows an attacker who controls the argument to reserve() to cause a potential denial of service (DoS).
The flaw was corrected in 0.1.20 release of http crate.
Related
nvd
nvd
CVE-2019-25008
2020-12-31 10:15:14
CVE-2020-25574
2020-09-14 19:15:11
cve
cve
CVE-2019-25008
2020-12-31 10:15:14
CVE-2020-25574
2020-09-14 19:15:11
osv
osv
CVE-2020-25574
2020-09-14 19:15:11
Integer Overflow/Infinite Loop in the http crate
2021-08-25 21:01:31
Integer Overflow in HeaderMap::reserve() can cause Denial of Service
2019-11-16 12:00:00
rustsec
rustsec
Integer Overflow in HeaderMap::reserve() can cause Denial of Service
2019-11-16 12:00:00
prion
prion
Integer overflow
2020-09-14 19:15:00
cvelist
cvelist
CVE-2020-25574
2020-09-14 18:16:17
CVE-2019-25008
2020-12-31 08:32:00
debiancve
debiancve
CVE-2020-25574
2020-09-14 19:15:11
ubuntucve
ubuntucve
CVE-2020-25574
2020-09-14 00:00:00
github
github
Integer Overflow/Infinite Loop in the http crate
2021-08-25 21:01:31