PT-2021-6447 · Hyper · Hyper

Asta Olofsson

Published

2021-07-07

Updated

2021-07-22

CVE-2021-32715

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions hyper versions prior to 0.14.10

Description The issue is related to the incorrect parsing and acceptance of requests with a Content-Length header containing a prefixed plus sign. This can lead to "request smuggling" or "desync attacks" when combined with an upstream HTTP proxy that does not parse such headers but forwards them. The estimated likelihood of an attack exploiting this vulnerability is considered low due to the specific conditions required.

Recommendations For versions prior to 0.14.10, consider the following workarounds:

Reject requests manually that contain a plus sign prefix in the Content-Length header.
Ensure any upstream proxy handles Content-Length headers with a plus sign prefix. For a permanent fix, update to version 0.14.10 or later.

Exploit

Fix

HTTP Request/Response Smuggling

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-444

Related Identifiers

BDU:2022-01647

CVE-2021-32715

GHSA-F3PG-QWVG-P99C

OPENSUSE-SU-2024:11751-1

RUSTSEC-2021-0078

Affected Products

Hyper

PT-2021-6447 · Hyper · Hyper

CVE-2021-32715

Weakness Enumeration

Related Identifiers

Affected Products

References · 16