
CVE-2019-16140: Use-after-free in chttp

CVSS Score: 9.8 (CVSS 3.1)

Basic Information

EPSS Score: 0.65384%
Published: 8/25/2021
Updated: 11/6/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name: chttp
Ecosystem: rust
Vulnerable Versions: >= 0.1.1, < 0.1.3
First Patched Version: 0.1.3

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from the From<Buffer> for Vec<u8> implementation where Vec::from_raw_parts was called on a temporary slice. The original code didn't account for slice ownership - when the slice went out of scope, it would deallocate the memory that the newly created Vec was referencing. The fix explicitly calls mem::forget(slice) to prevent this premature deallocation. The affected code is clearly shown in the pre-patch version of src/buffer.rs lines 192-195, making this the definitive vulnerable function.
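
The ownership mistake described above, reduced to a stand-alone sketch. This is an added example, not chttp's code: Buffer, copy_out, to_vec_vulnerable and to_vec_safe are hypothetical names, and the hardened conversion uses ManuallyDrop where the fix described above uses mem::forget(slice).

```rust
use std::mem::ManuallyDrop;

/// Hypothetical stand-in for the crate's buffer type (constructed for this example).
pub struct Buffer {
    data: Box<[u8]>,
}

impl Buffer {
    pub fn new(bytes: &[u8]) -> Self {
        Buffer { data: bytes.into() }
    }

    /// Copy the contents into a freshly allocated boxed slice.
    fn copy_out(&self) -> Box<[u8]> {
        self.data.clone()
    }
}

/// VULNERABLE pattern, kept for comparison and never called: the Vec adopts
/// the allocation, but `slice` still owns it and frees it when it is dropped
/// on return, so the caller receives a Vec backed by freed memory.
#[allow(dead_code)]
fn to_vec_vulnerable(buffer: Buffer) -> Vec<u8> {
    let mut slice = buffer.copy_out();
    unsafe { Vec::from_raw_parts(slice.as_mut_ptr(), slice.len(), slice.len()) }
}

/// Hardened conversion: ManuallyDrop suppresses the Box's destructor, the
/// same effect the fix obtains with mem::forget(slice).
impl From<Buffer> for Vec<u8> {
    fn from(buffer: Buffer) -> Vec<u8> {
        let mut slice = ManuallyDrop::new(buffer.copy_out());
        let len = slice.len();
        let ptr = slice.as_mut_ptr();
        // SAFETY: ptr and len describe a live Box<[u8]> allocation whose
        // destructor never runs, so the Vec becomes its only owner.
        unsafe { Vec::from_raw_parts(ptr, len, len) }
    }
}

/// No unsafe at all: the standard library performs the ownership transfer.
pub fn to_vec_safe(buffer: Buffer) -> Vec<u8> {
    buffer.copy_out().into_vec()
}

fn main() {
    let v: Vec<u8> = Buffer::new(b"constructed sample").into();
    println!("{} bytes, safe path agrees: {}", v.len(), v == to_vec_safe(Buffer::new(&v)));
}
```

Running the vulnerable variant under Miri or AddressSanitizer is a practical way to confirm the dangling allocation; the into_vec form avoids unsafe code entirely.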


WAF Protection Rules

WAF Rule

The From implementation for Vec was not properly implemented, returning a vector backed by freed memory. This could lead to memory corruption or be exploited to cause undefined behavior. A fix was published in version 0.1.3.
