CVE-2019-25009
https://notcve.org/view.php?id=CVE-2019-25009
An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness. Se detectó un problema en la crate http versiones anteriores a 0.1.20 para Rust. La API de la función HeaderMap::Drain puede usar un puntero sin procesar, derrotando la solidez. • https://rustsec.org/advisories/RUSTSEC-2019-0034.html • CWE-415: Double Free •
CVE-2020-25574
https://notcve.org/view.php?id=CVE-2020-25574
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop). Se detectó un problema en la crate http versiones anteriores a 0.1.20 para Rust. Un desbordamiento de enteros en la función HeaderMap::reserve() podría resultar en denegación de servicio (por ejemplo, un bucle infinito) • https://github.com/hyperium/http/issues/352 https://rustsec.org/advisories/RUSTSEC-2019-0033.html • CWE-190: Integer Overflow or Wraparound CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •