An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25574
Reference (s):
- https://github.com/hyperium/http/issues/352
- https://rustsec.org/advisories/RUSTSEC-2019-0033.html