HIGH🇬🇧 English

CVE-2022-31394

CVSS 7.5v3.1pub. 2023-02-21upd. 2025-03-17

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Hyper

    APP
    Hyper
    < 0.14.19
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-35863CRITICAL9.8ten sam produkt

An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote c...

CVE-2023-26964HIGH7.5ten sam produkt

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP...

CVE-2021-32714MEDIUM5.9ten sam produkt

hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a fla...

CVE-2021-21299MEDIUM4.8ten sam produkt

hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0....

CVE-2016-10932MEDIUM4.8ten sam produkt

An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-midd...