CVE-2019-25008

HIGH 7.5

Integer Overflow in HeaderMap::reserve() can cause Denial of Service

Published: 2021/8/25    Modified: 2023/11/8

Also known as: GHSA-x7vr-c387-8w57, GHSA-xvc9-xwgj-4cq9, CGA-3phr-pc3x-mvpv, RUSTSEC-2019-0033

Description

`HeaderMap::reserve()` used `usize::next_power_of_two()` to calculate the increased capacity. However, `next_power_of_two()` silently wraps to 0 when given a sufficiently large number in release mode (in debug mode it panics instead, so the bug does not surface in debug builds). If the map was not empty when the overflow happened, the library invoked `self.grow(0)` and started infinite probing. Because `reserve()` takes its argument directly from the caller, any code path that forwards untrusted input into it (for example, a header count taken from a network peer) allows an attacker who controls that argument to cause a denial of service (DoS). The flaw was corrected in the 0.1.20 release of the `http` crate.
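The following is an added worked example, not code from the `http` crate or from the advisory. It models the capacity arithmetic described above so the overflow can be reproduced deterministically: the pre-fix pattern (an unchecked `next_power_of_two()`) beside a hardened variant that checks every step. The `len`, `indices_len` and `additional` parameters, the `Action` type, and the exact placement of the checks are illustrative assumptions about the shape of the code, not quotations of it.

```rust
// Added illustration of CVE-2019-25008 / RUSTSEC-2019-0033. This is NOT the
// `http` crate's source; it models the capacity arithmetic the advisory
// describes so the overflow can be reproduced and checked.

/// Returned when a capacity computation would overflow `usize`.
#[derive(Debug, PartialEq, Eq)]
struct CapacityOverflow;

/// What a `reserve()` call decides to do with the index table.
#[derive(Debug, PartialEq, Eq)]
enum Action {
    /// The current index table is already large enough.
    NoGrow,
    /// Rebuild the index table with this many slots. `Grow(0)` while the
    /// map still holds entries is the condition the advisory describes:
    /// there is no slot to probe into, so rehashing never finds one.
    Grow(usize),
}

/// Pre-fix pattern (assumed shape, for illustration). `len` is the number of
/// entries already in the map, `indices_len` the current index-table size,
/// and `additional` the caller-controlled argument to `reserve()`.
///
/// In release builds `next_power_of_two()` wraps to 0 on overflow; in debug
/// builds it panics. `checked_next_power_of_two().unwrap_or(0)` reproduces
/// the release-mode result so this demo behaves the same under `cargo test`
/// (debug assertions on) as it would in a release binary.
fn vulnerable_reserve(len: usize, indices_len: usize, additional: usize)
    -> Result<Action, CapacityOverflow>
{
    let cap = len.checked_add(additional).ok_or(CapacityOverflow)?;
    if cap > indices_len {
        let new_cap = cap.checked_next_power_of_two().unwrap_or(0); // wraps to 0
        Ok(Action::Grow(new_cap))
    } else {
        Ok(Action::NoGrow)
    }
}

/// Hardened variant: the power-of-two rounding is checked too, so an
/// oversized request becomes an error instead of a zero-sized table.
fn hardened_reserve(len: usize, indices_len: usize, additional: usize)
    -> Result<Action, CapacityOverflow>
{
    let cap = len.checked_add(additional).ok_or(CapacityOverflow)?;
    if cap > indices_len {
        let new_cap = cap.checked_next_power_of_two().ok_or(CapacityOverflow)?;
        Ok(Action::Grow(new_cap))
    } else {
        Ok(Action::NoGrow)
    }
}

/// An `additional` value that triggers the overflow for any non-empty map:
/// 2^(BITS-1) is the largest power of two in `usize`, so `len + 2^(BITS-1)`
/// with `len >= 1` has no power-of-two ceiling and `next_power_of_two()`
/// overflows. The addition itself still fits, so `checked_add` passes.
fn overflowing_request() -> usize {
    (usize::MAX >> 1) + 1
}

fn main() {
    let additional = overflowing_request();
    // Constructed scenario: one header already stored, 8 index slots.
    println!("vulnerable: {:?}", vulnerable_reserve(1, 8, additional));
    println!("hardened:   {:?}", hardened_reserve(1, 8, additional));
    // An ordinary request still grows normally in both versions.
    println!("normal:     {:?}", hardened_reserve(3, 8, 10));
}
```

With the constructed input the vulnerable path returns `Grow(0)` for a map that still holds an entry, which is the state the advisory says leads to `self.grow(0)` and unbounded probing; the hardened path returns `CapacityOverflow` instead. Two practical points follow from the model: a `reserve()`-style API must treat its size argument as untrusted whenever it can be derived from a peer, and overflow bugs of this class are invisible in debug builds (which panic) and only appear in release builds (which wrap), so release-mode testing or explicit checked arithmetic is required to catch them.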

Affected packages (3)

CVSS score

Source   Version    Severity   Vector
osv      CVSS 3.1   HIGH 7.5   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (6)