CVE-2020-25574

Name of the Vulnerable Software and Affected Versions http crate versions prior to 0.1.20

Description An issue in the http crate for Rust could result in denial of service, such as an infinite loop, due to an integer overflow in HeaderMap::reserve(). The HeaderMap::reserve() function uses usize::next power of two() to calculate the increased capacity, but next power of two() silently overflows to 0 if given a sufficiently large number in release mode. If the map is not empty when the overflow happens, the library invokes self.grow(0) and starts infinite probing, allowing an attacker who controls the argument to reserve() to cause a potential denial of service.

Recommendations For http crate versions prior to 0.1.20, update to version 0.1.20 or later to resolve the issue. As a temporary workaround, consider restricting the use of the reserve() function in HeaderMap to minimize the risk of exploitation. Avoid using the reserve() function with large arguments until the issue is resolved.