Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 7:36 p.m.8 views

CVE-2022-39294

conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a...

7.5CVSS6.5AI score0.00689EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/10/31 12:0 a.m.41 views

CVE-2022-39294 (DoS) Denial of Service from unchecked request length in conduit-hyper

conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a...

7.5CVSS7.6AI score0.00689EPSS
Exploits0References1
CVE
CVE
added 2022/10/31 12:0 a.m.70 views

CVE-2022-39294

CVE-2022-39294 affects conduit-hyper prior to 0.4.2, a Rust crate that integrates conduit with hyper. The root cause is that earlier versions did not enforce any limit on the request length before calling hyper::body::to_bytes, allowing an attacker to send a malicious request with an abnormally l...

7.5CVSS7.4AI score0.00689EPSS
Exploits0References1Affected Software1
vulnersOsv
vulnersOsv
added 2022/10/30 12:0 p.m.7 views

sentry-conduit (>=0.1.0 <=0.3.0) potentially affected by CVE-2022-39294 via conduit-hyper (=0.3.0)

conduit-hyper CARGO version =0.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on conduit-hyper and may be impacted: - sentry-conduit =0.1.0, =0.3.0 Source cves: CVE-2022-39294 Source advisory: OSV:RUSTSEC-2022-0066...

7.5CVSS7.1AI score0.00689EPSS
Exploits0
Rows per page
Query Builder