
CVE-2021-32715: Lenient Parsing of Content-Length Header When Prefixed with Plus Sign

CVSS Score
3.1

Basic Information

EPSS Score
0.52464%
Published
7/12/2021
Updated
4/3/2023
KEV Status
No
Technology
Rust

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| hyper | rust | < 0.14.10 | 0.14.10 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from hyper's HTTP/1 server accepting Content-Length headers whose value carries a '+' prefix. The root cause was in content_length_parse, which relied on the FromStr implementation for u64; that implementation accepts a leading '+' (introduced via rust-lang/rust#28826). The patch replaced that call with a strict digit-only parser (from_digits). The Server implementation in role.rs was exposed because it called content_length_parse without any additional validation. The patch modifies both locations, and its test cases explicitly exercise these code paths with a '+5' Content-Length value.
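The lenient versus strict behaviour described above, as an added example (not hyper's code): `content_length_lenient` uses u64's FromStr exactly as the vulnerable path did, `content_length_strict` is an assumed digit-only parser in the spirit of the fix, and `parsers_disagree` flags a header value that the two would interpret differently.

```rust
use std::str::FromStr;

/// Lenient parse, mirroring the vulnerable behaviour: `<u64 as FromStr>` accepts
/// an optional leading '+', so "+5" parses as 5. (Illustrative, not hyper's code.)
pub fn content_length_lenient(value: &str) -> Option<u64> {
    u64::from_str(value).ok()
}

/// Strict parse: one or more ASCII digits and nothing else; values that would
/// overflow u64 are rejected rather than wrapped. (Assumed shape of the fix.)
pub fn content_length_strict(value: &str) -> Option<u64> {
    let bytes = value.as_bytes();
    if bytes.is_empty() {
        return None;
    }
    let mut n: u64 = 0;
    for &b in bytes {
        if !b.is_ascii_digit() {
            // Rejects '+', '-', whitespace and any other non-digit byte.
            return None;
        }
        n = n.checked_mul(10)?.checked_add(u64::from(b - b'0'))?;
    }
    Some(n)
}

/// True when a lenient and a strict implementation would read the same
/// Content-Length value differently; such values are the ones to reject or log.
pub fn parsers_disagree(value: &str) -> bool {
    content_length_lenient(value) != content_length_strict(value)
}

fn main() {
    // Constructed sample header values, including the '+5' form from the advisory's tests.
    for &v in &["5", "+5", "-5", " 5", "5 ", "", "18446744073709551616"] {
        println!(
            "{:?}: lenient={:?} strict={:?} disagree={}",
            v,
            content_length_lenient(v),
            content_length_strict(v),
            parsers_disagree(v)
        );
    }
}
```

Only "+5" produces a disagreement: both parsers already reject a leading '-', surrounding whitespace, an empty value and values beyond u64::MAX.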


WAF Protection Rules

WAF Rule

### Summary hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doe
