
RUSTSEC-2019-0034

HeaderMap::Drain API is unsound

Issued:
Package: http (crates.io)
Type: Vulnerability
Categories:
Keywords: #memory-safety #double-free #unsound
Aliases:
CVSS Score: 9.8 CRITICAL
CVSS Details:
  • Attack vector: Network
  • Attack complexity: Low
  • Privileges required: None
  • User interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Patched:
  • >=0.1.20
Affected Functions (Version):
  • http::header::HeaderMap::drain: <0.1.20

Description

Affected versions of this crate incorrectly used a raw pointer, which introduced unsoundness in the crate's public safe API.

Failing to drop the Drain struct causes a double-free, and Drain's Iterator implementation makes it possible to violate Rust's aliasing rules and cause a data race.

The flaw was corrected in the 0.1.20 release of the http crate.
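
The description ties the double-free to a Drain that is never dropped, which safe code can arrange with `mem::forget`. The example below is added here for illustration and is neither the http crate's code nor its actual fix: it shows the general pattern for a draining iterator that stays sound when leaked, where the container gives up its elements before the iterator is handed out. `Tracked`, `drain_all` and `total_drops` are hypothetical names.

```rust
use std::{cell::Cell, mem, ptr, rc::Rc};

/// Constructed element type: counts drops so a double drop would be visible.
struct Tracked(Rc<Cell<u32>>);
impl Drop for Tracked {
    fn drop(&mut self) { self.0.set(self.0.get() + 1); }
}

/// Hypothetical draining iterator over a whole Vec (not http's `Drain`).
struct Drain<'a, T> { vec: &'a mut Vec<T>, idx: usize, end: usize }

fn drain_all<T>(vec: &mut Vec<T>) -> Drain<'_, T> {
    let end = vec.len();
    // Give up ownership of every element *before* returning the iterator, so
    // a leaked Drain only leaks. Leaving `len` as-is and fixing it up in
    // `Drop` is the unsound variant: a forgotten Drain means a double drop.
    // SAFETY: 0 is always <= capacity and requires no initialized elements.
    unsafe { vec.set_len(0) };
    Drain { vec, idx: 0, end }
}

impl<T> Iterator for Drain<'_, T> {
    type Item = T;
    fn next(&mut self) -> Option<T> {
        if self.idx == self.end { return None; }
        // SAFETY: slots idx..end are initialized, inside the allocation, and
        // each is read exactly once because idx only moves forward.
        let item = unsafe { ptr::read(self.vec.as_ptr().add(self.idx)) };
        self.idx += 1;
        Some(item)
    }
}

impl<T> Drop for Drain<'_, T> {
    // Normal path: drop whatever the caller did not consume.
    fn drop(&mut self) { for _ in self.by_ref() {} }
}

/// Takes one element out of `n`, then leaks or drops the Drain; returns total drops.
fn total_drops(n: usize, leak: bool) -> u32 {
    let count = Rc::new(Cell::new(0));
    let mut v: Vec<Tracked> = (0..n).map(|_| Tracked(count.clone())).collect();
    let mut d = drain_all(&mut v);
    drop(d.next());
    if leak { mem::forget(d) } else { drop(d) }
    drop(v); // len is 0, so the Vec frees its buffer without dropping elements
    count.get()
}

fn main() { println!("{} {}", total_drops(3, true), total_drops(3, false)); }
```

With three elements, the leaked case records one drop (the element the caller took) and the normal case records three; no element is ever dropped twice.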