CVE-2017-18589 — Improper Input Validation in Project Cookie

Severity

7.5HIGHNVD

EPSS

0.3%

top 43.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedAug 26

Latest updateAug 25

Description

An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

▶crates.iocookie_project/cookie0.6.0 — 0.6.2+2

GHSA

Improper Input Validation in cookie↗2021-08-25

▶

OSV

Improper Input Validation in cookie↗2021-08-25

▶

OSV

Large cookie Max-Age values can cause a denial of service↗2017-05-06

▶

Debian

CVE-2017-18589: rust-cookie - An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integer...↗2017

▶