Bug #19731

closed

Two vulnerabilities in hyper

Added by Alexis Mousset over 3 years ago. Updated over 2 years ago.

Status: Released
Priority: N/A
Category: Security
Priority: 0
Name check: To do
Fix check: Checked

Description

RUSTSEC-2021-0079

https://github.com/hyperium/hyper/security/advisories/GHSA-5h46-h7hh-c6x9

For a request smuggling attack to be possible, any upstream proxy must accept a chunk size that exceeds 64 bits.

Apache has rejected chunk sizes larger than 64 bits since 2015: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2015-3183

RUSTSEC-2021-0078

https://github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c

To be vulnerable, hyper must be used as an HTTP/1 server behind an upstream HTTP proxy that ignores the header's contents but still forwards it. Because all of these factors must line up, an attack exploiting this vulnerability is unlikely.

Apache 2.4 parses Content-Length headers with a plus sign the same way hyper does.
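As an added illustration of the strictness both advisories call for (example code written here, not hyper's parser or the fix Rudder shipped), the two parsers below reject a chunk size that overflows 64 bits and a Content-Length that carries a sign or overflows; the function names and the sample inputs are chosen for this example.

```rust
// Added example, not hyper's parser or Rudder's fix: strict parsing for the two
// header fields named in the advisories. Both parsers refuse any value that
// does not fit in a u64, and Content-Length additionally refuses a sign prefix.

/// Parse an HTTP/1 chunk-size line ("1a" or "1a;name=value") as hex digits.
/// Returns None for empty or non-hex input, or when the value overflows u64.
pub fn parse_chunk_size(line: &str) -> Option<u64> {
    let size_part = line.split(';').next()?.trim_matches(|c| c == ' ' || c == '\t');
    if size_part.is_empty() {
        return None;
    }
    let mut size: u64 = 0;
    for c in size_part.chars() {
        let digit = u64::from(c.to_digit(16)?);
        // checked_* turns a silent wrap-around into a rejection
        size = size.checked_mul(16)?.checked_add(digit)?;
    }
    Some(size)
}

/// Parse a Content-Length field value: ASCII digits only, no sign, no internal
/// whitespace. Optional whitespace around the value is stripped first.
pub fn parse_content_length(value: &str) -> Option<u64> {
    let digits = value.trim_matches(|c| c == ' ' || c == '\t');
    if digits.is_empty() || !digits.bytes().all(|b| b.is_ascii_digit()) {
        return None; // rejects "+5", "-5", "5 5" and anything non-numeric
    }
    let mut len: u64 = 0;
    for b in digits.bytes() {
        len = len.checked_mul(10)?.checked_add(u64::from(b - b'0'))?;
    }
    Some(len)
}

fn main() {
    // Constructed inputs: the lenient forms the advisories describe.
    for line in ["1a", "FFFFFFFFFFFFFFFF", "10000000000000000"].iter() {
        println!("chunk-size {:?} -> {:?}", line, parse_chunk_size(line));
    }
    for value in ["42", "+42", "18446744073709551616"].iter() {
        println!("Content-Length {:?} -> {:?}", value, parse_content_length(value));
    }
}
```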


Subtasks: 1 (0 open, 1 closed)

Bug #19732: Two vulnerabilities in hyper - fixed in 7.0 (Released, Nicolas CHARLES)
