advisory-db/crates/hyper/RUSTSEC-2022-0022.md
2022-05-20 13:16:20 +02:00

[advisory]
id = "RUSTSEC-2022-0022"
package = "hyper"
date = "2022-05-10"
informational = "unsound"
url = "https://github.com/hyperium/hyper/pull/2545"

[versions]
patched = [">= 0.14.12"]

Parser creates invalid uninitialized value

Affected versions of this crate called mem::uninitialized() in the HTTP1 parser to create values of type httparse::Header (from the httparse crate). This is unsound, since Header contains references and thus must be non-null.

The flaw was corrected by avoiding the use of mem::uninitialized(), using MaybeUninit instead.
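
The pattern the fix relies on, as an added example that is not hyper's or httparse's code: header slots stay `MaybeUninit` until written, and only the written prefix is ever exposed as `Header` values. The `Header` struct here is a stand-in with the same reference fields as `httparse::Header`; `parse_headers` and `MAX_HEADERS` are hypothetical names.

```rust
use std::mem::MaybeUninit;

// Stand-in for httparse::Header: both fields are references, so any live
// value of this type must hold non-null, valid pointers.
#[derive(Debug, Clone, Copy, PartialEq)]
struct Header<'a> {
    name: &'a str,
    value: &'a [u8],
}

const MAX_HEADERS: usize = 8; // hypothetical limit for this example

// Unsound pattern described in the advisory (kept as a comment only):
//     let mut headers: [Header; MAX_HEADERS] = unsafe { std::mem::uninitialized() };
// The array is typed as valid `Header`s before any of them has been written.

/// Parses "Name: value" lines into `slots` and returns only the initialized prefix.
fn parse_headers<'s, 'b>(
    buf: &'b str,
    slots: &'s mut [MaybeUninit<Header<'b>>],
) -> Option<&'s [Header<'b>]> {
    let mut n = 0;
    for line in buf.split("\r\n").take_while(|l| !l.is_empty()) {
        let (name, value) = line.split_once(':')?;
        let slot = slots.get_mut(n)?; // more headers than slots: fail, never overrun
        slot.write(Header { name, value: value.trim_start().as_bytes() });
        n += 1;
    }
    // SAFETY: slots[..n] were each written above, and MaybeUninit<T> has the
    // same layout as T, so the first n elements are valid `Header`s.
    Some(unsafe { std::slice::from_raw_parts(slots.as_ptr() as *const Header<'b>, n) })
}

fn main() {
    // Constructed sample input.
    let raw = "Host: example.test\r\nAccept: */*\r\n\r\n";
    let mut slots = [MaybeUninit::<Header>::uninit(); MAX_HEADERS];
    let parsed = parse_headers(raw, &mut slots).expect("well-formed headers");
    for h in parsed {
        println!("{} = {:?}", h.name, std::str::from_utf8(h.value));
    }
}
```

Running the unsafe portions of a parser like this under Miri (`cargo miri test`) reports reads of uninitialized memory that ordinary tests do not catch.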