CVE-2020-25574

Опубликовано: 14 сент. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).

Ссылки

https://github.com/hyperium/http/issues/352
Exploit
Patch
Third Party Advisory
https://rustsec.org/advisories/RUSTSEC-2019-0033.html
Vendor Advisory
https://github.com/hyperium/http/issues/352
Exploit
Patch
Third Party Advisory
https://rustsec.org/advisories/RUSTSEC-2019-0033.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hyper:http:*:*:*:*:*:*:*:*

Версия до 0.1.20 (исключая)

EPSS

Процентиль: 82%

0.01814

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2020-25574

CVSS3: 7.5

ubuntu

больше 5 лет назад

An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).

CVE-2020-25574

CVSS3: 7.5

debian

больше 5 лет назад

An issue was discovered in the http crate before 0.1.20 for Rust. An i ...

GHSA-x7vr-c387-8w57

CVSS3: 7.5

github

больше 4 лет назад

Integer Overflow/Infinite Loop in the http crate

EPSS

Процентиль: 82%

0.01814

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-190