CVE-2019-25009

Опубликовано: 31 дек. 2020

Источник: debian

EPSS Низкий

Описание

An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness.

Пакет	Статус	Версия исправления	Релиз	Тип
rust-http	fixed	0.1.21-0.1		package
rust-http	no-dsa		buster	package

https://rustsec.org/advisories/RUSTSEC-2019-0034.html
https://github.com/hyperium/http/commit/82d53dbdfdb1ffbeb0323200a0bbd30b5f895fa7
https://github.com/hyperium/http/commit/8ffe094df1431321d450860cc56a22dd53175f5e

EPSS

Процентиль: 60%

0.00402

Низкий

CVE-2019-25009

CVSS3: 9.8

ubuntu

около 5 лет назад

An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness.

CVE-2019-25009

CVSS3: 9.8

nvd

около 5 лет назад

An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness.

GHSA-6rhx-hqxm-8p36

CVSS3: 9.8

github

больше 4 лет назад

Double free in http

EPSS

Процентиль: 60%

0.00402

Низкий