minreq will use an unbounded amount of memory if the server sends a single infinitely large header. This can be used to exhaust the memory on the machine and cause a denial of service.
You can reproduce the issue by running the following in a Linux console and then connecting to localhost:8080 with minreq:
( echo -e "HTTP/1.1 200 OK\r"; echo -n "Huge-header: "; yes A | tr -d '\n' ) | nc -l localhost 8080
Tested using this code for minreq. You can inspect the Cargo.lock to know the exact dependency versions.
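A client-side mitigation for the behaviour reported above is to cap both the size of each header line and the size of the whole response head while reading. The sketch below is an added example using only the Rust standard library; it is not minreq's code, and the names `read_line_bounded`, `read_head`, `MAX_LINE` and `MAX_HEAD` and their values are assumptions made for illustration.

```rust
use std::io::{self, BufRead, BufReader, Cursor, Read};

// Hypothetical limits chosen for this example; not minreq settings.
const MAX_LINE: usize = 8 * 1024; // one status/header line, terminator included
const MAX_HEAD: usize = 64 * 1024; // status line plus all headers

fn too_long() -> io::Error {
    io::Error::new(io::ErrorKind::InvalidData, "header exceeds limit")
}

/// Reads one LF/CRLF-terminated line, buffering at most `limit` bytes.
fn read_line_bounded<R: BufRead>(r: &mut R, limit: usize) -> io::Result<Vec<u8>> {
    let mut line = Vec::new();
    loop {
        let buf = r.fill_buf()?;
        if buf.is_empty() {
            return Err(io::ErrorKind::UnexpectedEof.into());
        }
        // Only look at as many bytes as the remaining budget allows.
        let window = &buf[..buf.len().min(limit - line.len())];
        let newline = window.iter().position(|&b| b == b'\n');
        let take = newline.unwrap_or(window.len());
        line.extend_from_slice(&window[..take]);
        r.consume(take + newline.is_some() as usize);
        if newline.is_some() {
            if line.last() == Some(&b'\r') { line.pop(); }
            return Ok(line);
        }
        if line.len() >= limit { return Err(too_long()); }
    }
}

/// Reads the status line and headers up to the blank line, under both caps.
fn read_head<R: Read>(stream: R) -> io::Result<Vec<String>> {
    let mut r = BufReader::new(stream);
    let (mut lines, mut total) = (Vec::new(), 0usize);
    loop {
        let line = read_line_bounded(&mut r, MAX_LINE.min(MAX_HEAD - total))?;
        total += line.len() + 1;
        if line.is_empty() { return Ok(lines); }
        lines.push(String::from_utf8_lossy(&line).into_owned());
    }
}

fn main() {
    // Constructed input: the endless header from the report above.
    let endless = Cursor::new(&b"HTTP/1.1 200 OK\r\nHuge-header: "[..]).chain(io::repeat(b'A'));
    println!("{:?}", read_head(endless).map_err(|e| e.to_string()));
}
```

With these caps the reader buffers at most `MAX_LINE` bytes for a single line before returning an error, so the endless header fails fast instead of growing the allocation.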