- CVSS Score
- CVSS Details
- Attack vector
- Attack complexity
- Privileges required
- User interaction
- CVSS Vector
- Affected Functions
usize::next_power_of_two() to calculate the increased capacity.
next_power_of_two() silently overflows to 0 if given a sufficiently large number
in release mode.
If the map was not empty when the overflow happens,
the library will invoke
self.grow(0) and start infinite probing.
This allows an attacker who controls the argument to
to cause a potential denial of service (DoS).
The flaw was corrected in 0.1.20 release of