Hyper Security Vulnerabilities

CVE-2024-1191

A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classified as problematic. This affects an unknown part of the component HCF File Handler. The manipulation leads to denial of service. The attack must be carried out locally. The exploit has been disclosed to the public and may be...

CVSS 3.3 | AI Score 4.2 | EPSS 0.0004 | 2024-02-29 01:43 AM

CVE-2024-23741

An issue in Hyper on macOS version 3.4.1 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments...

CVSS 9.8 | AI Score 9.5 | EPSS 0.003 | 2024-01-28 03:15 AM

CVE-2023-26964

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service...

CVSS 7.5 | AI Score 7.3 | EPSS 0.001 | 2023-04-11 02:15 PM

CVE-2022-39294

conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::to_bytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a...

CVSS 7.5 | AI Score 7.3 | EPSS 0.001 | 2022-10-31 07:15 PM

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2...

CVSS 7.5 | AI Score 7.4 | EPSS 0.001 | 2023-02-21 02:15 PM

CVE-2021-32714

hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes...

CVSS 9.1 | AI Score 9.2 | EPSS 0.001 | 2021-07-07 08:15 PM

CVE-2021-32715

hyper is an HTTP library for Rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

CVSS 5.3 | AI Score 5.2 | EPSS 0.001 | 2021-07-07 08:15 PM

CVE-2021-21299

hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple...

CVSS 8.1 | AI Score 7.9 | EPSS 0.003 | 2021-02-11 06:15 PM

CVE-2020-35863

An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback...

CVSS 9.8 | AI Score 9.6 | EPSS 0.006 | 2020-12-31 10:15 AM

CVE-2019-25009

An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating...

CVSS 9.8 | AI Score 9.3 | EPSS 0.002 | 2020-12-31 10:15 AM

CVE-2020-25574

An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite...

CVSS 7.5 | AI Score 7.4 | EPSS 0.002 | 2020-09-14 07:15 PM

CVE-2017-18587

An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in...

CVSS 5.3 | AI Score 5.2 | EPSS 0.001 | 2019-08-26 01:15 PM

CVE-2016-10932

An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was...

CVSS 4.8 | AI Score 4.9 | EPSS 0.001 | 2019-08-26 01:15 PM

CVE-2018-10205

hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for...

CVSS 5.3 | AI Score 5.2 | EPSS 0.001 | 2018-04-19 08:29 AM

CVE-2018-9862

util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to...

CVSS 7.8 | AI Score 7.5 | EPSS 0.0004 | 2018-04-09 04:29 PM

CVE-2006-5774

Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown...

AI Score 5.9 | EPSS 0.004 | 2006-11-06 11:07 PM

CVE-2006-3671

Cross-site request forgery (CSRF) vulnerability in the communicate function in estmaster.c for Hyper Estraier before 1.3.3 allows remote attackers to perform unauthorized actions as other users via unknown...

AI Score 6.9 | EPSS 0.012 | 2006-07-18 03:47 PM

CVE-2005-3421

estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode...

AI Score 6.9 | EPSS 0.03 | 2005-11-01 09:02 PM