CVE-2022-39294

conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a...

CVE-2022-39294

conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a...

Design/Logic Flaw

conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a...

sentry-conduit (>=0.1.0 <=0.3.0) potentially affected by CVE-2022-39294 via conduit-hyper (=0.3.0)

conduit-hyper CARGO version =0.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on conduit-hyper and may be impacted: - sentry-conduit =0.1.0, =0.3.0 Source cves: CVE-2022-39294 Source advisory: OSV:GHSA-9398-5GHF-7PR6...

conduit-hyper vulnerable to Denial of Service from unchecked request length

Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a panic if memory allocation failed for that request. In version 0.4.2,...

GHSA-9398-5GHF-7PR6 conduit-hyper vulnerable to Denial of Service from unchecked request length

Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a panic if memory allocation failed for that request. In version 0.4.2,...

CVE-2022-39294 (DoS) Denial of Service from unchecked request length in conduit-hyper

conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a...

CVE-2022-39294 (DoS) Denial of Service from unchecked request length in conduit-hyper

conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a...

conduit-hyper 资源管理错误漏洞

conduit-hyper is a library from conduit-rust open source. It is used to integrate conduit applications with hyper servers. A security vulnerability exists in versions of conduit-hyper prior to 0.4.2 that stems from not checking the length of a request before its call to hyper::body::tobytes causi...

RUSTSEC-2022-0066 Denial of Service from unchecked request length

Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a panic if memory allocation failed for that request. In version 0.4.2,...

Denial of Service from unchecked request length

Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a panic if memory allocation failed for that request. In version 0.4.2,...

sentry-conduit (>=0.1.0 <=0.3.0) potentially affected by CVE-2022-39294 via conduit-hyper (=0.3.0)

conduit-hyper CARGO version =0.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on conduit-hyper and may be impacted: - sentry-conduit =0.1.0, =0.3.0 Source cves: CVE-2022-39294 Source advisory: OSV:RUSTSEC-2022-0066...

PT-2022-24876 · Unknown · Conduit-Hyper

Name of the Vulnerable Software and Affected Versions: conduit-hyper versions prior to 0.4.2 Description: The issue arises from conduit-hyper not checking any limit on a request's length before calling hyper::body::to bytes. An attacker could send a malicious request with an abnormally large...