RUSTSEC-2022-0066 (rustsec)
History: Oct 30, 2022 - 12:00 p.m.

Denial of Service from unchecked request length


EPSS: 0.001 (Low), percentile 38.4%

Prior to version 0.4.2, conduit-hyper did not check any limit on a request’s
length before calling hyper::body::to_bytes. An attacker could send a
malicious request with an abnormally large Content-Length, which could lead
to a panic if memory allocation failed for that request.

In version 0.4.2, conduit-hyper enforces an internal limit of 128 MiB per
request and returns status 400 (“Bad Request”) for requests that exceed it.
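The mitigation described above, as an added illustration that is not conduit-hyper's own code: the declared Content-Length is checked against the 128 MiB limit before any allocation, and the limit is also enforced on the bytes actually received, which covers chunked bodies that carry no Content-Length and clients whose declared length is smaller than what they send. Names (`MAX_BODY_BYTES`, `read_body_bounded`, `BodyError`) are chosen for this example, and `std::io::Read` stands in for the hyper body stream.

```rust
use std::io::{self, Read};

/// Upper bound on a request body; the value mirrors the 128 MiB limit the
/// advisory describes (constant name chosen for this example).
pub const MAX_BODY_BYTES: u64 = 128 * 1024 * 1024;

#[derive(Debug, PartialEq)]
pub enum BodyError {
    /// Declared or received length exceeds the limit: answer 400 Bad Request.
    TooLarge,
    Io(io::ErrorKind),
}

/// Reject on the declared Content-Length before allocating anything,
/// so an attacker-controlled header can no longer drive a huge allocation.
pub fn check_declared_length(content_length: Option<u64>, limit: u64) -> Result<(), BodyError> {
    match content_length {
        Some(len) if len > limit => Err(BodyError::TooLarge),
        _ => Ok(()),
    }
}

/// Read the body in fixed-size chunks, counting received bytes against the
/// limit so that the cap holds even without (or with a lying) Content-Length.
pub fn read_body_bounded<R: Read>(
    mut src: R,
    content_length: Option<u64>,
    limit: u64,
) -> Result<Vec<u8>, BodyError> {
    check_declared_length(content_length, limit)?;
    // Pre-size only up to the declared length, and never beyond the limit.
    let hint = content_length.unwrap_or(0).min(limit) as usize;
    let mut body = Vec::with_capacity(hint);
    let mut chunk = [0u8; 8192];
    loop {
        let n = src.read(&mut chunk).map_err(|e| BodyError::Io(e.kind()))?;
        if n == 0 {
            break;
        }
        if body.len() as u64 + n as u64 > limit {
            return Err(BodyError::TooLarge);
        }
        body.extend_from_slice(&chunk[..n]);
    }
    Ok(body)
}

/// HTTP status a handler would send for each failure mode.
pub fn status_for(err: &BodyError) -> u16 {
    match err {
        BodyError::TooLarge => 400,
        BodyError::Io(_) => 500,
    }
}
```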
