PT-2017-15154 · Crate · Hyper

Published

2017-01-23

·

Updated

2021-08-25

·

CVE-2017-18587

CVSS v3.1

5.3

Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: hyper crate versions prior to 0.9.18
Description: The issue concerns the mishandling of newlines in headers. When serializing headers to the socket, hyper did not filter header values for newline bytes (`\r` or `\n`), so a value containing a CR or LF terminated the current header line early and the remainder of the value was written as further header lines, allowing a header value to split a request or response (header injection / response splitting). Applications rarely put newlines into their own headers, so the realistic exploitation path is an application that constructs headers from unsanitized user input. The issue was fixed in 0.9.18 by replacing all newline characters in a header value with a space during serialization.
Recommendations: For versions prior to 0.9.18, update to version 0.9.18 or later to resolve the issue. As a temporary workaround, sanitize (or reject) any user input used in constructing headers so that it cannot contain `\r` or `\n`. Restrict access to applications that construct headers based on user input to minimize the risk of exploitation.
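The following is an added illustration of the description and the workaround above; it is not hyper's own code. It models the pre-0.9.18 serialization (value written verbatim), the shipped fix (newline bytes replaced with a space), and the application-layer workaround (reject values containing `\r` or `\n`), using only the Rust standard library. The tainted header value and the header name `Content-Language` are constructed sample input, and `parse_header_lines` is a deliberately lenient stand-in for a receiver that accepts both CRLF and bare LF line endings.

```rust
// Added example, not hyper's code. Models CVE-2017-18587 (RUSTSEC-2017-0002):
// header values containing \r or \n split the serialized header block.

/// Models the vulnerable (pre-0.9.18) serialization: the value is written verbatim,
/// so any CR/LF inside it ends the header line early.
pub fn serialize_header_unfiltered(name: &str, value: &str) -> Vec<u8> {
    let mut out = Vec::new();
    out.extend_from_slice(name.as_bytes());
    out.extend_from_slice(b": ");
    out.extend_from_slice(value.as_bytes());
    out.extend_from_slice(b"\r\n");
    out
}

/// Models the fix shipped in 0.9.18: every `\r` and `\n` in the value becomes a space
/// before the header is serialized, so the value can no longer start a new line.
pub fn serialize_header_filtered(name: &str, value: &str) -> Vec<u8> {
    let cleaned: String = value
        .chars()
        .map(|c| if c == '\r' || c == '\n' { ' ' } else { c })
        .collect();
    serialize_header_unfiltered(name, &cleaned)
}

/// Application-layer workaround for unpatched versions: reject (rather than rewrite)
/// user input that would be placed in a header if it contains newline bytes.
pub fn validate_header_value(value: &str) -> Result<&str, String> {
    if value.bytes().any(|b| b == b'\r' || b == b'\n') {
        Err(format!("header value contains newline bytes: {:?}", value))
    } else {
        Ok(value)
    }
}

/// Lenient receiver-side view of the serialized bytes: splits on `\n` (tolerating a
/// preceding `\r`, as many real parsers do) and returns the (name, value) pairs seen.
/// Used here only to show how many headers the peer would actually observe.
pub fn parse_header_lines(bytes: &[u8]) -> Vec<(String, String)> {
    String::from_utf8_lossy(bytes)
        .lines()
        .filter_map(|line| {
            let (name, value) = line.split_once(':')?;
            Some((name.trim().to_string(), value.trim().to_string()))
        })
        .collect()
}

fn main() {
    // Constructed attacker-controlled input, e.g. copied from a query parameter
    // into a response header without sanitization.
    let tainted = "en\r\nSet-Cookie: session=attacker";

    let vulnerable = serialize_header_unfiltered("Content-Language", tainted);
    let fixed = serialize_header_filtered("Content-Language", tainted);

    println!("unfiltered -> {:?}", parse_header_lines(&vulnerable));
    println!("filtered   -> {:?}", parse_header_lines(&fixed));
    println!("validate   -> {:?}", validate_header_value(tainted));
}
```

With the unfiltered serializer the peer sees two headers, the second being an attacker-chosen `Set-Cookie`; with the filtered serializer it sees a single `Content-Language` header whose value merely contains the injected text. A bare `\n` (no `\r`) is enough to trigger the split against lenient parsers, which is why both bytes must be handled.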

Fix


Weakness Enumeration

Related Identifiers

CVE-2017-18587
GHSA-Q89X-F52W-6HJ2
RUSTSEC-2017-0002

Affected Products

Hyper