CVE-2017-18587 – hyper

Package

Manager: cargo
Name: hyper
Vulnerable Version: >=0.10.0 <0.10.2 || >=0 <0.9.18

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

EPSS: 0.00215 pctl0.44028

Details

Headers containing newline characters can split messages in hyper Serializing of headers to the socket did not filter the values for newline bytes (\r or \n), which allowed for header values to split a request or response. People would not likely include newlines in the headers in their own applications, so the way for most people to exploit this is if an application constructs headers based on unsanitized user input. This issue was fixed by replacing all newline characters with a space during serialization of a header value.

Metadata

Created: 2021-08-25T20:43:04Z
Modified: 2023-06-13T17:39:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-q89x-f52w-6hj2/GHSA-q89x-f52w-6hj2.json
CWE IDs: ["CWE-93"]
Alternative ID: GHSA-q89x-f52w-6hj2
Finding: F184
Auto approve: 1