Intel

AIKIDO-2026-967860

hyper is vulnerable to Denial of Service (DoS)

Denial of Service (DoS) Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Yesterday

39

Low Risk

This Affects:

RUSThyper
1.10.0 - 1.10.0
Fixed in 1.10.1
Are you affected? Scan for Free

TL;DR

The HTTP/1 dispatch loop in src/proto/h1/dispatch.rs can keep re-polling without making progress when a peer half-closes the connection while an outgoing request body is still open. The can_write_again check only confirms that a body channel exists, and the write-continuation path treats an always-ready poll_flush as progress, so the connection task never parks. A remote peer that sends FIN without responding while the client streams a request body leaves the client task spinning at full CPU on that core until the next body frame is produced. The fix re-checks write readiness safely and requires the connection to still be in a body-writing state before continuing the loop.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and the HTTP/1 client sends requests with a streaming or otherwise open request body.

Background info

hyper is vulnerable to Denial of Service (DoS) in versions 1.10.0 - 1.10.0.

How to fix this

Upgrade the hyper library to the patch version.