Bug 1180660 (CVE-2020-25574) - VUL-0: CVE-2020-25574: rust: integer overflow in HeaderMap::reserve() could result in denial of service
Summary: VUL-0: CVE-2020-25574: rust: integer overflow in HeaderMap::reserve() could result in denial of service
Status: RESOLVED FIXED
Alias: CVE-2020-25574
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium : Major
Target Milestone: ---
Assignee: William Brown
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/267371/
Whiteboard: CVSSv3.1:SUSE:CVE-2019-25008:5.1:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-01-07 11:44 UTC by Alexandros Toptsoglou
Modified: 2022-01-21 12:34 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Alexandros Toptsoglou 2021-01-07 11:44:00 UTC
CVE-2020-25574

An issue was discovered in the http crate before 0.1.20 for Rust. An integer
overflow in HeaderMap::reserve() could result in denial of service (e.g., an
infinite loop).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25574
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25574.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25574
https://github.com/hyperium/http/issues/352
https://rustsec.org/advisories/RUSTSEC-2019-0033.html
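The report above describes an integer overflow in a capacity computation leading to a denial of service. The following is an added example, not code from the http crate or from this bug report: a toy bucket table (the names TinyTable, CapacityOverflow and the helper functions are invented for the illustration) whose reserve path is shown once with wrapping arithmetic, as a release build behaves on unchecked overflow, and once with checked arithmetic that returns an error instead of a capacity smaller than the number of live entries.

```rust
// Added example, not the http crate's code: a toy bucket table whose
// reserve path shows why capacity arithmetic must be checked. The names
// TinyTable and CapacityOverflow are invented for this illustration.

#[derive(Debug, PartialEq, Eq)]
pub struct CapacityOverflow;

/// A table with `len` live entries stored in `cap` buckets (cap is a power of two).
#[derive(Debug)]
pub struct TinyTable {
    pub len: usize,
    pub cap: usize,
}

/// Release-build behaviour of unchecked arithmetic: `len + additional` wraps
/// silently, and an overflowing `next_power_of_two` wraps to 0. The result can
/// be smaller than `len`, so no amount of growing ever satisfies the request.
pub fn target_capacity_wrapping(len: usize, additional: usize) -> usize {
    let needed = len.wrapping_add(additional);
    needed.checked_next_power_of_two().unwrap_or(0)
}

/// Hardened form: every arithmetic step is checked and the caller receives an
/// error rather than a nonsensical capacity.
pub fn target_capacity_checked(len: usize, additional: usize) -> Result<usize, CapacityOverflow> {
    let needed = len.checked_add(additional).ok_or(CapacityOverflow)?;
    needed.checked_next_power_of_two().ok_or(CapacityOverflow)
}

impl TinyTable {
    pub fn new(len: usize, cap: usize) -> Self {
        assert!(cap.is_power_of_two() && cap >= len, "cap must be a power of two >= len");
        TinyTable { len, cap }
    }

    /// Grow so that `additional` more entries fit; refuse if the size cannot be represented.
    pub fn try_reserve(&mut self, additional: usize) -> Result<(), CapacityOverflow> {
        let target = target_capacity_checked(self.len, additional)?;
        // Grow by doubling, as open-addressing tables usually do. Because
        // `target` is a checked power of two >= len, this loop terminates.
        while self.cap < target {
            self.cap = self.cap.checked_mul(2).ok_or(CapacityOverflow)?;
        }
        Ok(())
    }

    /// True when the table really has room for `additional` more entries.
    pub fn has_room_for(&self, additional: usize) -> bool {
        self.len.checked_add(additional).map_or(false, |n| n <= self.cap)
    }
}

fn main() {
    let mut t = TinyTable::new(10, 16);
    println!("wrapping target: {}", target_capacity_wrapping(10, usize::MAX - 5));
    println!("checked target: {:?}", target_capacity_checked(10, usize::MAX - 5));
    println!("reserve 100: {:?}, cap now {}", t.try_reserve(100), t.cap);
    println!("reserve usize::MAX: {:?}", t.try_reserve(usize::MAX));
}
```

The wrapping variant is what a `usize` addition does in a release build when overflow checks are off; the checked variant turns the same input into a recoverable error, which is the mitigation a caller-controlled size hint needs.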
Comment 1 Alexandros Toptsoglou 2021-01-07 11:45:28 UTC
rust embeds http 0.1.19. Therefore these codestreams are affected:

- SUSE:SLE-15:Update/rust
- SUSE:SLE-15-SP1:Update/rust
Comment 2 Scott Reeves 2021-03-02 18:40:49 UTC
Can you take this Federico...
Comment 3 Robert Frohl 2022-01-21 12:33:31 UTC
Also, the http crate was removed with version 1.46.0 (by
6654c5852f76d6b55ebdacc0d428cad5b3dbdbed)

Which means SLE15-SP3 is not affected, because rust1.43 is out of support.
SLE15 and SLE15-SP1 are now on 1.53.
Comment 4 Robert Frohl 2022-01-21 12:34:19 UTC
closing