This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate headers


(8 total, 6 outdated, 1 insecure)

 base64^ of date
 bitflags^ to date
 bytes^ of date
 headers-core^ of date
 mime^ to date
 sha-1^ of date
 time^ of date

Security Vulnerabilities

http: Integer Overflow in HeaderMap::reserve() can cause Denial of Service


HeaderMap::reserve() used usize::next_power_of_two() to calculate the increased capacity. However, next_power_of_two() silently overflows to 0 if given a sufficently large number in release mode.

If the map was not empty when the overflow happens, the library will invoke self.grow(0) and start infinite probing. This allows an attacker who controls the argument to reserve() to cause a potential denial of service (DoS).

The flaw was corrected in 0.1.20 release of http crate.

http: HeaderMap::Drain API is unsound