CVE-2019-16140

Name of the Vulnerable Software and Affected Versions chttp crate versions prior to 0.1.3

Description An issue was discovered in the chttp crate, where there is a use-after-free during buffer conversion. The From implementation for Vec was not properly implemented, returning a vector backed by freed memory. This could lead to memory corruption or be exploited to cause undefined behavior.

Recommendations For versions prior to 0.1.3, update to version 0.1.3 to resolve the issue. As a temporary workaround, consider avoiding the use of the From implementation for Vec until the update is applied.