Posted by Brian Carpenter via Fulldisclosure on Jun 25

Hey list,

You can remotely crash httpx v1.7.0 (by ProjectDiscovery) by serving a malformed tag on your website. The bug is a classic out-of-bounds read in trimTitleTags() due to a missing bounds check when slicing the title string. It panics with:

panic: runtime error: slice bounds out of range [9:6]

Affects anyone using httpx in their automated scanning pipeline. One malformed HTML response = scanner down. Unit testing or...
seclists.org
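The bug class described in the post, as an added Go example that is not part of the original post and is not httpx's code: an unchecked title slice beside its bounds-checked form, plus a per-response recover wrapper so a parser panic fails one target instead of the whole scan. The names trimUnchecked, trimChecked and guarded, the delimiter logic and the sample inputs are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// trimUnchecked is a hypothetical illustration of the bug class (not httpx's code):
// it slices between the first '>' and the first "</" without checking their order.
func trimUnchecked(title string) string {
	begin := strings.Index(title, ">")
	end := strings.Index(title, "</")
	if begin < 0 || end < 0 {
		return title
	}
	return title[begin+1 : end] // panics when end < begin+1
}

// trimChecked adds the missing bounds check and falls back to the raw input.
func trimChecked(title string) string {
	begin := strings.Index(title, ">")
	end := strings.Index(title, "</")
	if begin < 0 || end < 0 || begin+1 > end {
		return title
	}
	return title[begin+1 : end]
}

// guarded runs a per-response parser and converts a panic into an error,
// so one malformed response is logged and skipped rather than ending the scan.
func guarded(parse func(string) string, body string) (out string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("parser panic: %v", r)
		}
	}()
	return parse(body), nil
}

func main() {
	// Constructed sample inputs: one well-formed, one with the delimiters out of order.
	for _, in := range []string{"<title>ok</title>", "</title>"} {
		out, err := guarded(trimUnchecked, in)
		fmt.Printf("unchecked %q -> %q err=%v\n", in, out, err)
		out, err = guarded(trimChecked, in)
		fmt.Printf("checked   %q -> %q err=%v\n", in, out, err)
	}
}
```
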
