13 matches found
GHSA-243V-98VX-264H Wasmtime can panic when adding excessive fields to a `wasi:http/types.fields` instance
Impact Wasmtime's implementation of the wasi:http/types.fields resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the wasmtime-wasi-http crate is backed by a data structure which panics when it reaches excessive capacity and this...
EUVD-2023-39929
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-25574
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve could result in denial of service e.g., an infinite...
SUSE CVE-2020-25017
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy's setCopy header map API does not replace all existing occurrences of a non-inline header...
CVE-2024-30255 HTTP/2: CPU exhaustion due to CONTINUATION frame flood
Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 is vulnerable to CPU exhaustion due to a flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of...
SUSE CVE-2019-25009
An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness...
SUSE CVE-2020-25574
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve could result in denial of service e.g., an infinite loop...
Rust Resource Management Error Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the http crate in versions of Mozilla Rust prior to 0.1.20, which stems from the HeaderMap::Drain API being able to use a raw pointer, defeating soundness. No details of the vulnerabilit...
Rust Input Validation Error Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. An input validation error vulnerability exists in Rust http crate before 0.1.20, which stems from an integer overflow in HeaderMap::reserve, allowing an attacker to cause a denial of service...
CVE-2020-25017
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy header map API does not replace all existing occurrences of a non-inline header...
PT-2020-15892 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.15.0 Description: The issue arises because Envoy only considers the first value when multiple header values are present for some HTTP headers. Additionally, Envoy's setCopy header map API does not replace all existin...
DEBIAN-CVE-2020-25574
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve could result in denial of service e.g., an infinite loop...
UBUNTU-CVE-2020-25574
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve could result in denial of service e.g., an infinite loop...