GHSA-f67m-9j94-qv9j

Опубликовано: 16 июн. 2022

Источник: github

Github: Прошло ревью

Описание

Parser creates invalid uninitialized value

Affected versions of this crate called mem::uninitialized() in the HTTP1 parser to create values of type httparse::Header (from the httparse crate). This is unsound, since Header contains references and thus must be non-null.

The flaw was corrected by avoiding the use of mem::uninitialized(), using MaybeUninit instead.

Ссылки

https://github.com/hyperium/hyper/pull/2545
https://rustsec.org/advisories/RUSTSEC-2022-0022.html

Пакеты

Наименование

hyper

rust

Затронутые версииВерсия исправления

< 0.14.12

0.14.12