Vulnerability Database

296,746

Total vulnerabilities in the database

Parser creates invalid uninitialized value

Affected versions of this crate called mem::uninitialized() in the HTTP1 parser to create values of type httparse::Header (from the httparse crate). This is unsound, since Header contains references and thus must be non-null.

The flaw was corrected by avoiding the use of mem::uninitialized(), using MaybeUninit instead.

Published: Jun 16, 2022
Updated: Apr 14, 2023
GHSA: GHSA-f67m-9j94-qv9j
Severity: High
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
hyper	-	0.14.12

https://github.com/hyperium/hyper/pull/2545
https://rustsec.org/advisories/RUSTSEC-2022-0022.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo