OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-17 00:56:28 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
3338fcfb59cea5fcd7d2a4e7fe24cbc7cb778003
advisory-db/crates/hyper/RUSTSEC-2022-0022.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

617 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2022-0022"
package = "hyper"
date = "2022-05-10"
informational = "unsound"
url = "https://github.com/hyperium/hyper/pull/2545"
aliases = ["GHSA-f67m-9j94-qv9j"]

[versions]
patched = [">= 0.14.12"]

Parser creates invalid uninitialized value

Affected versions of this crate called mem::uninitialized() in the HTTP1 parser to create values of type httparse::Header (from the httparse crate). This is unsound, since Header contains references and thus must be non-null.

The flaw was corrected by avoiding the use of mem::uninitialized(), using MaybeUninit instead.