<bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash. This also applies to these extractors which used Bytes::from_request internally: axum::extract::Form axum::extract::Json String
References
Link | Resource |
---|---|
https://research.jfrog.com/vulnerabilities/axum-core-dos/ | Exploit Third Party Advisory |
https://rustsec.org/advisories/RUSTSEC-2022-0055.html | Exploit Issue Tracking Patch Third Party Advisory |
https://research.jfrog.com/vulnerabilities/axum-core-dos/ | Exploit Third Party Advisory |
https://rustsec.org/advisories/RUSTSEC-2022-0055.html | Exploit Issue Tracking Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://research.jfrog.com/vulnerabilities/axum-core-dos/ - Exploit, Third Party Advisory | |
References | () https://rustsec.org/advisories/RUSTSEC-2022-0055.html - Exploit, Issue Tracking, Patch, Third Party Advisory |
16 Sep 2022, 19:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-770 | |
References | (CONFIRM) https://research.jfrog.com/vulnerabilities/axum-core-dos/ - Exploit, Third Party Advisory | |
References | (CONFIRM) https://rustsec.org/advisories/RUSTSEC-2022-0055.html - Exploit, Issue Tracking, Patch, Third Party Advisory | |
CPE | cpe:2.3:a:axum-core_project:axum-core:0.3.0:rc1:*:*:*:rust:*:* cpe:2.3:a:axum-core_project:axum-core:*:*:*:*:*:rust:*:* |
14 Sep 2022, 17:45
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-14 16:15
Updated : 2024-11-21 07:19
NVD link : CVE-2022-3212
Mitre link : CVE-2022-3212
CVE.ORG link : CVE-2022-3212
JSON object : View
Products Affected
axum-core_project
- axum-core
CWE
CWE-770
Allocation of Resources Without Limits or Throttling