Parser creates invalid uninitialized value

Published: Jun 16, 2022
Updated: Apr 14, 2023
GHSA: <a href="https://github.com/advisories/GHSA-f67m-9j94-qv9j" target="_blank" rel="noopener"> GHSA-f67m-9j94-qv9j
Severity: High
Exploit:

Affected versions of this crate called mem::uninitialized() in the HTTP1 parser to create values of type httparse::Header (from the httparse crate). This is unsound, since Header contains references and thus must be non-null.

The flaw was corrected by avoiding the use of mem::uninitialized(), using MaybeUninit instead.