CVE-2022-3212

Опубликовано: 14 сент. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

<bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash. This also applies to these extractors which used Bytes::from_request internally: axum::extract::Form axum::extract::Json String

Ссылки

https://research.jfrog.com/vulnerabilities/axum-core-dos/
Exploit
Third Party Advisory
https://rustsec.org/advisories/RUSTSEC-2022-0055.html
Exploit
Issue Tracking
Patch
Third Party Advisory
https://research.jfrog.com/vulnerabilities/axum-core-dos/
Exploit
Third Party Advisory
https://rustsec.org/advisories/RUSTSEC-2022-0055.html
Exploit
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:axum-core_project:axum-core:*:*:*:*:*:rust:*:*

Версия до 0.2.8 (исключая)

cpe:2.3:a:axum-core_project:axum-core:0.3.0:rc1:*:*:*:rust:*:*

EPSS

Процентиль: 50%

0.00266

Низкий

7.5 High

CVSS3

Дефекты

CWE-770

Связанные уязвимости

GHSA-m77f-652q-wwp4