CVE-2021-38512: HTTP Request Smuggling in actix-http

CVSS Score (v3.1): 7.5

Basic Information

EPSS Score: 0.61251%
Published: 8/25/2021
Updated: 2/3/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
actix-http   | rust      | < 2.2.1             | 2.2.1

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stemmed from three main issues:
1) Improper chunk size parsing that allowed integer overflows and invalid size values (fixed by adding checked_mul and character validation).
2) Header parsing that permitted multiple Transfer-Encoding headers and invalid values (fixed by adding validation checks).
3) Insufficient validation of chunk extension characters.
The commit introduced a new chunked.rs with strict state machine handling, added overflow checks in read_size, and enhanced header validation in decoder.rs. Test cases like hrs_chunk_extension_invalid and hrs_chunk_size_overflow in the diff confirm these were the vulnerable areas.
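As an added illustration of the first two fixes (this is example code, not actix-http's own chunked.rs or decoder.rs), the Rust below parses a chunk-size line with checked arithmetic and rejects non-hex characters, and refuses requests carrying duplicate or non-"chunked" Transfer-Encoding headers. The type and function names are assumptions chosen for the example.

```rust
// Added example, not the crate's code. Shows the hardened shape described in
// the root-cause analysis: checked_mul/checked_add on chunk sizes plus
// Transfer-Encoding validation. Chunk-extension validation is not covered here.

#[derive(Debug, PartialEq)]
pub enum ChunkError {
    InvalidChar(u8),
    Overflow,
    Empty,
    DuplicateTransferEncoding,
    InvalidTransferEncoding(String),
}

/// Parse the size field of a chunk line, e.g. b"1a;ext=1\r\n" -> 26.
/// Only hex digits are accepted before ';' (extension) or CR; every step
/// uses checked arithmetic so an oversized value errors instead of wrapping.
pub fn parse_chunk_size(line: &[u8]) -> Result<u64, ChunkError> {
    let mut size: u64 = 0;
    let mut digits = 0;
    for &b in line {
        match b {
            b';' | b'\r' => break,
            b'0'..=b'9' | b'a'..=b'f' | b'A'..=b'F' => {
                let v = (b as char).to_digit(16).unwrap() as u64;
                size = size
                    .checked_mul(16)
                    .and_then(|s| s.checked_add(v))
                    .ok_or(ChunkError::Overflow)?;
                digits += 1;
            }
            other => return Err(ChunkError::InvalidChar(other)),
        }
    }
    if digits == 0 {
        return Err(ChunkError::Empty);
    }
    Ok(size)
}

/// Reject more than one Transfer-Encoding header, or any value other than a
/// single "chunked" token; both leave front-end and back-end free to disagree
/// about where the body ends, which is the request-smuggling precondition.
pub fn check_transfer_encoding(headers: &[(&str, &str)]) -> Result<(), ChunkError> {
    let mut seen = false;
    for (name, value) in headers {
        if !name.eq_ignore_ascii_case("transfer-encoding") {
            continue;
        }
        if seen {
            return Err(ChunkError::DuplicateTransferEncoding);
        }
        seen = true;
        if !value.trim().eq_ignore_ascii_case("chunked") {
            return Err(ChunkError::InvalidTransferEncoding(value.to_string()));
        }
    }
    Ok(())
}
```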


WAF Protection Rules

WAF Rule

Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling (HRS) attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, includin
