{"ecosystem":"cargo","package":"http","version":null,"bugs":[{"id":844,"ecosystem":"cargo","package_name":"http","affected_version":null,"fixed_version":"0.1.20","bug_id":"osv:GHSA-x7vr-c387-8w57","title":"Integer Overflow/Infinite Loop in the http crate","description":"HeaderMap::reserve() used usize::next_power_of_two() to calculate the increased capacity. However, next_power_of_two() silently overflows to 0 if given a sufficiently large number in release mode.\n\nIf the map was not empty when the overflow happens, the library will invoke self.grow(0) and start infinite probing. This allows an attacker who controls the argument to reserve() to cause a potential denial of service (DoS).\n\nThe flaw was corrected in 0.1.20 release of http crate.","severity":"high","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25574","labels":["CVE-2019-25008","CVE-2020-25574","GHSA-xvc9-xwgj-4cq9","RUSTSEC-2019-0033"],"created_at":"2026-04-19T04:32:00.558912+00:00","updated_at":"2026-04-19T04:32:00.558912+00:00"},{"id":846,"ecosystem":"cargo","package_name":"http","affected_version":"0.0.0-0","fixed_version":"0.1.20","bug_id":"osv:RUSTSEC-2019-0034","title":"HeaderMap::Drain API is unsound","description":"Affected versions of this crate incorrectly used raw pointer,\nwhich introduced unsoundness in its public safe API.\n\n[Failing to drop the Drain struct causes double-free](https://github.com/hyperium/http/issues/354),\nand [it is possible to violate Rust's alias rule and cause data race with Drain's Iterator implementation](https://github.com/hyperium/http/issues/355).\n\nThe flaw was corrected in 0.1.20 release of `http` crate.","severity":"medium","status":"fixed","source":"osv","source_url":"https://crates.io/crates/http","labels":["CVE-2019-25009","GHSA-6rhx-hqxm-8p36"],"created_at":"2026-04-19T04:32:00.560814+00:00","updated_at":"2026-04-19T04:32:00.560814+00:00"},{"id":845,"ecosystem":"cargo","package_name":"http","affected_version":"0.0.0-0","fixed_version":"0.1.20","bug_id":"osv:RUSTSEC-2019-0033","title":"Integer Overflow in HeaderMap::reserve() can cause Denial of Service","description":"`HeaderMap::reserve()` used `usize::next_power_of_two()` to calculate the increased capacity.\nHowever, `next_power_of_two()` silently overflows to 0 if given a sufficiently large number\nin release mode.\n\nIf the map was not empty when the overflow happens,\nthe library will invoke `self.grow(0)` and start infinite probing.\nThis allows an attacker who controls the argument to `reserve()`\nto cause a potential denial of service (DoS).\n\nThe flaw was corrected in 0.1.20 release of `http` crate.","severity":"medium","status":"fixed","source":"osv","source_url":"https://crates.io/crates/http","labels":["CVE-2019-25008","CVE-2020-25574","GHSA-x7vr-c387-8w57","GHSA-xvc9-xwgj-4cq9"],"created_at":"2026-04-19T04:32:00.560032+00:00","updated_at":"2026-04-19T04:32:00.560032+00:00"},{"id":843,"ecosystem":"cargo","package_name":"http","affected_version":null,"fixed_version":"0.1.20","bug_id":"osv:GHSA-6rhx-hqxm-8p36","title":"Double free in http","description":"An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness.","severity":"critical","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-25009","labels":["CVE-2019-25009","RUSTSEC-2019-0034"],"created_at":"2026-04-19T04:32:00.556689+00:00","updated_at":"2026-04-19T04:32:00.556689+00:00"}],"total":4,"_cache":"miss"}