PT-2026-49746 · Crates.Io · Vibeio-Http
Published 2026-06-06 · Updated 2026-06-06
No severity ratings or metrics are available.
When using the affected versions of the vibeio-http crate, an attacker could send a crafted HTTP/1.x request with a large chunk length (between usize::MAX - 1 and usize::MAX inclusive), causing the server to crash (integer overflow panic in debug builds, split_to out-of-bounds panic in release builds).

This was fixed in vibeio-http 0.3.2 by erroring on the chunk length if it exceeds usize::MAX - 2 (using checked_add() instead of the + operator), preventing integer overflow.
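The overflow and the checked_add() fix, as an added Rust example that is not vibeio-http's own code. The function names are hypothetical, and the + 2 (chunk data plus trailing CRLF) is an assumption inferred from the usize::MAX - 2 limit described above.

```rust
// Added illustration; not vibeio-http source. All names are hypothetical.
// Assumption: the decoder needs chunk_len + 2 bytes (chunk data plus CRLF).

#[derive(Debug, PartialEq)]
pub enum ChunkError {
    BadHex,
    TooLarge,
}

/// Parse the hex chunk-size field of an HTTP/1.x chunk header (no extensions).
pub fn parse_chunk_len(field: &str) -> Result<usize, ChunkError> {
    if field.is_empty() || !field.bytes().all(|b| b.is_ascii_hexdigit()) {
        return Err(ChunkError::BadHex);
    }
    // from_str_radix already rejects values above usize::MAX.
    usize::from_str_radix(field, 16).map_err(|_| ChunkError::TooLarge)
}

/// What `chunk_len + 2` evaluates to in a release build (wrapping arithmetic).
/// In a debug build the `+` operator panics instead.
pub fn frame_len_wrapping(chunk_len: usize) -> usize {
    chunk_len.wrapping_add(2)
}

/// Hardened form: refuse any chunk length for which chunk_len + 2 overflows.
pub fn frame_len_checked(chunk_len: usize) -> Result<usize, ChunkError> {
    chunk_len.checked_add(2).ok_or(ChunkError::TooLarge)
}

/// Decide whether `buffered` bytes hold the whole chunk frame.
/// Ok(Some(n)) = safe to take n bytes, Ok(None) = wait for more data.
pub fn ready_frame(field: &str, buffered: usize) -> Result<Option<usize>, ChunkError> {
    let need = frame_len_checked(parse_chunk_len(field)?)?;
    Ok(if buffered >= need { Some(need) } else { None })
}

fn main() {
    let max_hex = format!("{:x}", usize::MAX); // constructed sample input
    let n = parse_chunk_len(&max_hex).unwrap();
    // The wrapped length is tiny, so a "buffer has enough bytes" test passes
    // and a later split at the real chunk length goes out of bounds.
    println!("wrapping: {}", frame_len_wrapping(n));
    println!("checked:  {:?}", ready_frame(&max_hex, 16));
    println!("normal:   {:?}", ready_frame("a", 12));
}
```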
Affected Products
Vibeio-Http