{"id":"GHSA-xvc9-xwgj-4cq9","summary":"Duplicate Advisory: Integer Overflow in HeaderMap::reserve() can cause Denial of Service","details":"### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-x7vr-c387-8w57. This link is maintained to preserve external references.\n\n### Original Description\n\nHeaderMap::reserve() used usize::next_power_of_two() to calculate the increased capacity. However, next_power_of_two() silently overflows to 0 if given a sufficiently large number in release mode.\n\nIf the map was not empty when the overflow happens, the library will invoke self.grow(0) and start infinite probing. This allows an attacker who controls the argument to reserve() to cause a potential denial of service (DoS).\n\nThe flaw was corrected in 0.1.20 release of http crate.","aliases":["CVE-2019-25008","CVE-2020-25574","GHSA-x7vr-c387-8w57","RUSTSEC-2019-0033"],"modified":"2024-02-21T19:50:55Z","published":"2022-06-16T23:08:02Z","withdrawn":"2024-02-21T19:50:55Z","database_specific":{"github_reviewed_at":"2022-06-16T23:08:02Z","github_reviewed":true,"nvd_published_at":null,"severity":"HIGH","cwe_ids":["CWE-190"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-25008"},{"type":"WEB","url":"https://github.com/hyperium/http/issues/352"},{"type":"PACKAGE","url":"https://github.com/hyperium/http"},{"type":"WEB","url":"https://rustsec.org/advisories/RUSTSEC-2019-0033.html"}],"affected":[{"package":{"name":"http","ecosystem":"crates.io","purl":"pkg:cargo/http"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.1.20"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-xvc9-xwgj-4cq9/GHSA-xvc9-xwgj-4cq9.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}