CVE-2026-48480
- EPSS 0.17%
- Veröffentlicht 04.06.2026 17:39:40
- Zuletzt bearbeitet 05.06.2026 16:00:09
The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the ...
CVE-2026-48040
- EPSS 0.17%
- Veröffentlicht 04.06.2026 17:33:55
- Zuletzt bearbeitet 05.06.2026 21:04:54
The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriving native memory addresses for cryptographic operations versions prior to 0.0...
CVE-2026-41207
- EPSS 0.19%
- Veröffentlicht 04.06.2026 17:22:35
- Zuletzt bearbeitet 05.06.2026 21:01:26
The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zeros and has no way to distinguish success from failure. Since this output is us...
CVE-2024-40642
- EPSS 0.67%
- Veröffentlicht 18.07.2024 23:15:02
- Zuletzt bearbeitet 09.10.2025 15:41:21
The netty incubator codec.bhttp is a java language binary http parser. In affected versions the `BinaryHttpParser` class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the...
CVE-2024-36121
- EPSS 0.27%
- Veröffentlicht 04.06.2024 22:15:10
- Zuletzt bearbeitet 21.11.2024 09:21:39
netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unf...