Lucene search
PRIOn knowledge basePRION:CVE-2021-32714HistoryJul 07, 2021 - 8:15 p.m.
Integer overflow
2021-07-0720:15:00
PRIOn knowledge base
www.prio-n.com
2
hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper’s HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes larger than hyper does, can result in “request smuggling” or “desync attacks.” The vulnerability is patched in version 0.14.10. Two possible workarounds exist. One may reject requests manually that contain a Transfer-Encoding header or ensure any upstream proxy rejects Transfer-Encoding chunk sizes greater than what fits in 64-bit unsigned integers.
Related
cve
cve
CVE-2021-32714
2021-07-07 20:15:08
debiancve
debiancve
CVE-2021-32714
2021-07-07 20:15:08
github
github
Integer Overflow in Chunked Transfer-Encoding
2021-07-12 16:55:37
ubuntucve
ubuntucve
CVE-2021-32714
2021-07-07 00:00:00
rustsec
rustsec
osv
osv
Integer overflow in `hyper`'s parsing of the `Transfer-Encoding` header leads to data loss
2021-07-07 12:00:00
Integer Overflow in Chunked Transfer-Encoding
2021-07-12 16:55:37
CVE-2021-32714
2021-07-07 20:15:08
cvelist
cvelist
CVE-2021-32714 Integer Overflow in Chunked Transfer-Encoding
2021-07-07 19:35:10
nvd
nvd
CVE-2021-32714
2021-07-07 20:15:08