Parser creates invalid uninitialized value · GHSA-f67m-9j94-qv9j · GitHub Advisory Database · GitHub

Parser creates invalid uninitialized value

High severity GitHub Reviewed Published Jun 16, 2022 to the GitHub Advisory Database • Updated Jan 12, 2023

Package

hyper (Rust)

Affected versions

< 0.14.12

Patched versions

0.14.12

Description

Affected versions of this crate called mem::uninitialized() in the HTTP1 parser to create values of type httparse::Header (from the httparse crate).
This is unsound, since Header contains references and thus must be non-null.

The flaw was corrected by avoiding the use of mem::uninitialized(), using MaybeUninit instead.

References

Published to the GitHub Advisory Database Jun 16, 2022

Reviewed Jun 16, 2022

Last updated Jan 12, 2023