Lucene search
K

1788 matches found

Snyk
Snyk
added 2026/06/04 8:16 p.m.7 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step due to the lack of enforcement for receiving a cryptographically-signed final chunk before the termination of the outer HTTP body. An attacker can cause undetected truncation of chunked messages by forwarding...

8.7CVSS5.4AI score0.00167EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 5:39 p.m.22 views

CVE-2026-48480

The CVE concerns the netty incubator codec.bhttp (codec-ohttp) where, prior to 0.0.22.Final, the implementation of draft-ietf-ohai-chunked-ohttp fails to verify that a cryptographically-signed final chunk was received before the outer HTTP body ends. This allows an on-path adversary (OHTTP relay ...

8.7CVSS5.8AI score0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 5:39 p.m.31 views

CVE-2026-48480 netty-incubator-codec-ohttp OHttpVersionChunkDraft's Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversar...

8.7CVSS0.00167EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 5:39 p.m.8 views

CVE-2026-48480

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversar...

8.7CVSS5.8AI score0.00167EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.23 views

PT-2026-46315

Name of the Vulnerable Software and Affected Versions netty incubator codec-ohttp versions prior to 0.0.22.Final Description The codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp fails to verify the receipt of a cryptographically-signed final chunk before the outer HTTP body terminates...

8.7CVSS5.5AI score0.00167EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/06/03 2:23 a.m.15 views

SUSE CVE-2026-45157

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

6.3CVSS5.7AI score0.00231EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/02 5:41 p.m.13 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS6.6AI score0.0064EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/06/02 11:27 a.m.11 views

org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access...

9.1CVSS5.8AI score0.01127EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2026/06/02 1:38 a.m.14 views

SUSE CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

7.5CVSS5.7AI score0.00327EPSS
Exploits1References3
NVD
NVD
added 2026/06/01 5:17 p.m.39 views

CVE-2026-45157

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

6.3CVSS0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/01 4:39 p.m.30 views

CVE-2026-45157 Nextcloud: Valid share tokens allow to access tempory upload files of share owner

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

6.3CVSS0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 4:39 p.m.11 views

EUVD-2026-33676

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

6.3CVSS5.7AI score0.00231EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/01 1:29 p.m.12 views

CVE-2026-45352

A flaw was found in cpp-httplib, a C++ HTTP/HTTPS library. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request that includes a negative chunk-size in the chunked Transfer-Encoding. This incorrect parsing leads to unbounded memory allocation, causing the...

7.5CVSS5.8AI score0.00327EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/29 9:15 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper validation of the chunk-size field in chunked Transfer-Encoding within the ChunkedDecoder::readpayload function. An attacker can cause unbounded memory allocation and...

7.5CVSS5.8AI score0.00327EPSS
Exploits1References2
NVD
NVD
added 2026/05/29 8:16 p.m.22 views

CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

7.5CVSS0.00327EPSS
Exploits1References1
OSV
OSV
added 2026/05/29 8:16 p.m.11 views

DEBIAN-CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

7.5CVSS5.7AI score0.00327EPSS
Exploits1References1
OSV
OSV
added 2026/05/29 8:16 p.m.8 views

UBUNTU-CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

7.5CVSS5.7AI score0.00327EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:14 p.m.11 views

CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

5.3CVSS5.7AI score0.00327EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/29 7:14 p.m.14 views

EUVD-2026-33425

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

5.3CVSS5.7AI score0.00327EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/29 7:14 p.m.8 views

CVE-2026-45352 cpp-httplib DoS: Negative chunk-size in chunked Transfer-Encoding

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

5.3CVSS5.7AI score0.00327EPSS
Exploits1References1
Rows per page
Query Builder