CVE-2020-25574
https://notcve.org/view.php?id=CVE-2020-25574
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).
• https://github.com/hyperium/http/issues/352
• https://rustsec.org/advisories/RUSTSEC-2019-0033.html
• CWE-190: Integer Overflow or Wraparound
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-18587
https://notcve.org/view.php?id=CVE-2017-18587
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.
• https://rustsec.org/advisories/RUSTSEC-2017-0002.html
• CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVE-2016-10932
https://notcve.org/view.php?id=CVE-2016-10932
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted.
• https://rustsec.org/advisories/RUSTSEC-2016-0002.html
• CWE-254: 7PK - Security Features
CVE-2018-10205
https://notcve.org/view.php?id=CVE-2018-10205
hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for Docker.
• https://github.com/hyperhq/hyperstart/pull/350
• CWE-772: Missing Release of Resource after Effective Lifetime
CVE-2018-9862
https://notcve.org/view.php?id=CVE-2018-9862
util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to CVE-2016-3697.
• http://www.securityfocus.com/bid/103738
• https://github.com/hyperhq/hyperstart/pull/348
• CWE-838: Inappropriate Encoding for Output Context