CVE-2017-18587 — CRLF Injection in Hyper

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 56.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedAug 26

Latest updateAug 25

Description

An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

▶NVDhyper/hyper0.10.0 — 0.10.2+1

▶crates.iohyper/hyper0.0.0-0 — 0.9.18+2

GHSA

Headers containing newline characters can split messages in hyper↗2021-08-25

▶

OSV

Headers containing newline characters can split messages in hyper↗2021-08-25

▶

OSV

headers containing newline characters can split messages↗2017-01-23

▶

Debian

CVE-2017-18587: rust-hyper - An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles...↗2017

▶