CVE-2017-18587

An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.
CRLF Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
hyperhyper
𝑥
< 0.9.18
hyperhyper
0.10.0 ≤
𝑥
< 0.10.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rust-hyper
bookworm
0.14.19-1
fixed
sid
0.14.27-2
fixed
trixie
0.14.27-2
fixed
Common Weakness Enumeration
References
https://rustsec.org/advisories/RUSTSEC-2017-0002.html
https://rustsec.org/advisories/RUSTSEC-2017-0002.html