PT-2019-16426 · Rust · Http Crate

Published: 2019-11-16 · Updated: 2025-09-29 · CVE-2019-25009

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

http crate versions prior to 0.1.20

Description

An issue was discovered in the http crate for Rust: the HeaderMap::Drain API can use a raw pointer, defeating soundness. This makes the crate's public safe API unsound. It can cause double-free issues if the Drain struct is not properly dropped, and it violates Rust's aliasing rules, which can lead to data races with Drain's Iterator implementation.

Recommendations

For versions prior to 0.1.20, update to version 0.1.20 or later to resolve the issue. As a temporary workaround, consider avoiding the HeaderMap::Drain API until the update is applied.

Fix

Double Free

Weakness Enumeration

Related Identifiers

CVE-2019-25009
GHSA-6RHX-HQXM-8P36
RUSTSEC-2019-0034

Affected Products

Http Crate