CVE-2017-18587: Headers containing newline characters can split messages in hyper

August 25, 2021 (updated June 13, 2023)

Serializing of headers to the socket did not filter the values for newline bytes (\r or \n), which allowed for header values to split a request or response. People would not likely include newlines in the headers in their own applications, so the way for most people to exploit this is if an application constructs headers based on unsanitized user input.

This issue was fixed by replacing all newline characters with a space during serialization of a header value.

References

github.com/advisories/GHSA-q89x-f52w-6hj2
github.com/hyperium/hyper
github.com/hyperium/hyper/wiki/Security-001
nvd.nist.gov/vuln/detail/CVE-2017-18587
rustsec.org/advisories/RUSTSEC-2017-0002.html

Detect and mitigate CVE-2017-18587 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →