CVE-2020-25574

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-25574

CGA ID

CGA-mq25-568g-hr6q

Severity

7.5

High

CVSS V3

Description

An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).

References

https://images.chainguard.dev/security/CGA-mq25-568g-hr6q
https://github.com/advisories/GHSA-x7vr-c387-8w57
https://rustsec.org/advisories/RUSTSEC-2019-0033.html
https://github.com/hyperium/http/issues/352
https://security-tracker.debian.org/tracker/CVE-2020-25574

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2020-25574

Severity

Description

References

Affected packages

Product

Why Chainguard

Customers

Company

Resources