Lucene search
K

15 matches found

OSV
OSV
added 2026/06/23 9:59 p.m.3 views

GHSA-R6FJ-869H-4F6Q OHttpVersionChunkDraft: Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation

The codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversary the OHTTP relay itself, or any MITM on the relay↔gateway or relay↔client transport can forward a...

8.7CVSS5.9AI score0.00167EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/23 9:59 p.m.13 views

EUVD-2026-34311

OHttpVersionChunkDraft: Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation...

8.7CVSS5.8AI score0.00167EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/04 8:16 p.m.8 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step due to the lack of enforcement for receiving a cryptographically-signed final chunk before the termination of the outer HTTP body. An attacker can cause undetected truncation of chunked messages by forwarding...

8.7CVSS5.4AI score0.00167EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 7:16 p.m.15 views

CVE-2026-48480

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversar...

8.7CVSS0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 5:39 p.m.32 views

CVE-2026-48480 netty-incubator-codec-ohttp OHttpVersionChunkDraft's Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversar...

8.7CVSS0.00167EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 5:39 p.m.8 views

CVE-2026-48480

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversar...

8.7CVSS5.8AI score0.00167EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/04 5:39 p.m.22 views

CVE-2026-48480

The CVE concerns the netty incubator codec.bhttp (codec-ohttp) where, prior to 0.0.22.Final, the implementation of draft-ietf-ohai-chunked-ohttp fails to verify that a cryptographically-signed final chunk was received before the outer HTTP body ends. This allows an on-path adversary (OHTTP relay ...

8.7CVSS5.8AI score0.00167EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 5:39 p.m.12 views

CVE-2026-48480 netty-incubator-codec-ohttp OHttpVersionChunkDraft's Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversar...

8.7CVSS5.8AI score0.00167EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.27 views

PT-2026-46315

Name of the Vulnerable Software and Affected Versions netty incubator codec-ohttp versions prior to 0.0.22.Final Description The codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp fails to verify the receipt of a cryptographically-signed final chunk before the outer HTTP body terminates...

8.7CVSS5.5AI score0.00167EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/04/22 3:44 p.m.7 views

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...

7.6CVSS5.9AI score0.00585EPSS
Exploits0References7
OSV
OSV
added 2022/08/23 5:15 a.m.3 views

CVE-2022-25888

The package opcua from 0.0.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB each...

7.5CVSS7.1AI score0.0103EPSS
Exploits0References3
OSV
OSV
added 2022/08/23 5:15 a.m.4 views

DEBIAN-CVE-2022-25304

All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited numb...

7.5CVSS7.3AI score0.01063EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/23 5:0 a.m.6 views

CVE-2022-21208

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...

7.5CVSS7.1AI score0.01167EPSS
Exploits0References5
Snyk
Snyk
added 2022/08/22 12:56 p.m.2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e....

7.5CVSS7AI score0.01063EPSS
Exploits0References2
Snyk
Snyk
added 2022/08/22 9:5 a.m.2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e....

7.5CVSS7AI score0.01127EPSS
Exploits0References2
Rows per page
Query Builder