vulnerability
Ubuntu: (CVE-2021-32715): rust-hyper vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Jul 7, 2021 | Jun 26, 2025 | Aug 18, 2025 |
Description
hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such `Content-Length` headers, but forwards them, can result in "request smuggling" or "desync attacks". The flaw exists in all prior versions of hyper prior to 0.14.10, if built with `rustc` v1.5.0 or newer. The vulnerability is patched in hyper version 0.14.10. Two workarounds exist: One may reject requests manually that contain a plus sign prefix in the `Content-Length` header or ensure any upstream proxy handles `Content-Length` headers with a plus sign prefix.
Solution
References
- CVE-2021-32715
- https://attackerkb.com/topics/CVE-2021-32715
- CWE-444
- URL-https://github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c
- URL-https://github.com/rust-lang/rust/pull/28826/commits/123a83326fb95366e94a3be1a74775df4db97739
- URL-https://rustsec.org/advisories/RUSTSEC-2021-0078.html
- URL-https://www.cve.org/CVERecord?id=CVE-2021-32715
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.