Assign RUSTSEC-2019-0033 to http

Original PR: #217
rustsec · Jan 9, 2020 · 0e59ecb · 0e59ecb
1 parent 8c9c29b
commit 0e59ecb
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 79 deletions.
diff --git a/crates/http/RUSTSEC-0000-0000.toml b/crates/http/RUSTSEC-0000-0000.toml
diff --git a/crates/http/RUSTSEC-2019-0033.toml b/crates/http/RUSTSEC-2019-0033.toml
@@ -0,0 +1,24 @@
+[advisory]
+id = "RUSTSEC-2019-0033"
+package = "http"
+date = "2019-11-16"
+title = "Integer Overflow in HeaderMap::reserve() can cause Denial of Service"
+description = """
+`HeaderMap::reserve()` used `usize::next_power_of_two()` to calculate the increased capacity.
+However, `next_power_of_two()` silently overflows to 0 if given a sufficently large number
+in release mode.
+
+If the map was not empty when the overflow happens,
+the library will invoke `self.grow(0)` and start infinite probing.
+This allows an attacker who controls the argument to `reserve()`
+to cause a potential denial of service (DoS).
+
+The flaw was corrected in 0.2.0 release of `http` crate.
+"""
+patched_versions = [">= 0.2.0"]
+url = "https://github.com/hyperium/http/issues/352"
+categories = ["denial-of-service"]
+keywords = ["http", "integer-overflow", "DoS"]
+
+[affected.functions]
+"http::header::HeaderMap::reserve" = ["< 0.2.0"]