Lucene search
GoogleOSV:RUSTSEC-2021-0079HistoryJul 07, 2021 - 12:00 p.m.
Integer overflow in `hyper`'s parsing of the `Transfer-Encoding` header leads to data loss
2021-07-0712:00:00
Google
osv.dev
12
0.001 Low
EPSS
Percentile
45.3%
When decoding chunk sizes that are too large, hyper’s code would encounter an integer overflow. Depending on the situation,
this could lead to data loss from an incorrect total size, or in rarer cases, a request smuggling attack.
To be vulnerable, you must be using hyper for any HTTP/1 purpose, including as a client or server, and consumers must send
requests or responses that specify a chunk size greater than 18 exabytes. For a possible request smuggling attack to be possible,
any upstream proxies must accept a chunk size greater than 64 bits.
Related
cve
cve
CVE-2021-32714
2021-07-07 20:15:08
debiancve
debiancve
CVE-2021-32714
2021-07-07 20:15:08
github
github
Integer Overflow in Chunked Transfer-Encoding
2021-07-12 16:55:37
ubuntucve
ubuntucve
CVE-2021-32714
2021-07-07 00:00:00
rustsec
rustsec
osv
osv
Integer Overflow in Chunked Transfer-Encoding
2021-07-12 16:55:37
CVE-2021-32714
2021-07-07 20:15:08
prion
prion
Integer overflow
2021-07-07 20:15:00
cvelist
cvelist
CVE-2021-32714 Integer Overflow in Chunked Transfer-Encoding
2021-07-07 19:35:10
nvd
nvd
CVE-2021-32714
2021-07-07 20:15:08