
19 matches found

RedhatCVE
added 2026/03/13 11:50 a.m. · 5 views

CVE-2026-32239

A flaw was found in the KJ-HTTP component of Cap’n Proto. When processing HTTP messages, a negative Content-Length value could be implicitly converted to an unsigned integer, resulting in an extremely large length value. An attacker could exploit this behavior by sending specially crafted HTTP...

6.5 CVSS · 5.7 AI score · 0.00073 EPSS
Exploits 0 · References 8

Snyk
added 2026/03/12 10:39 p.m. · 2 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the KJ-HTTP process. An attacker can cause the system to interpret a negative Content-Length value as an extremely large unsigned value by sending specially crafted HTTP requests or responses, potentially...

6.5 CVSS · 5.8 AI score · 0.00073 EPSS
Exploits 0 · References 2

Vulnrichment
added 2026/03/12 7:35 p.m. · 3 views

CVE-2026-32240 Cap'n Proto: Integer overflow in KJ-HTTP chunk size

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This...

6.3 CVSS · 5.8 AI score · 0.00073 EPSS
Exploits 0 · References 5

CVE
added 2026/03/12 7:35 p.m. · 11 views

CVE-2026-32240

Cap'n Proto prior to 1.4.0 has a vulnerability where, with Transfer-Encoding: chunked, a chunk size parsed to >= 2^64 would be truncated to 64 bits, potentially enabling HTTP request/response smuggling. The issue affects Cap'n Proto’s chunked transfer handling and is fixed in 1.4.0. According ...

6.5 CVSS · 5.8 AI score · 0.00073 EPSS
Exploits 0 · References 5 · Affected Software 1

CVE
added 2026/03/12 7:33 p.m. · 15 views

CVE-2026-32239

Cap'n Proto prior to 1.4.0 mishandles a negative Content-Length value by converting it to unsigned, effectively allowing an HTTP request/response smuggling vector. The issue affects Cap'n Proto’s data interchange/RPC handling where untrusted HTTP boundaries could be exploited. The vulnerability i...

6.5 CVSS · 5.8 AI score · 0.00073 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2026/03/12 7:33 p.m. · 3 views

CVE-2026-32239 Cap'n Proto has an integer overflow in KJ-HTTP

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

6.3 CVSS · 5.8 AI score · 0.00073 EPSS
Exploits 0 · References 7

Cvelist
added 2026/03/12 7:33 p.m. · 21 views

CVE-2026-32239 Cap'n Proto has an integer overflow in KJ-HTTP

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

6.3 CVSS · 0.00073 EPSS
Exploits 0 · References 5

Vulnrichment
added 2026/03/12 7:33 p.m. · 2 views

CVE-2026-32239 Cap'n Proto has an integer overflow in KJ-HTTP

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

6.3 CVSS · 5.8 AI score · 0.00073 EPSS
Exploits 0 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-52302

Malicious code in bioql PyPI...

9.8 CVSS · 9.3 AI score · 0.04155 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2025/08/30 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-48230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression...

9.8 CVSS · 8.5 AI score · 0.04155 EPSS
Exploits 1 · References 2

OSV
added 2023/11/21 9:15 p.m. · 3 views

DEBIAN-CVE-2023-48230

Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant value that is not attacker-controlled,...

9.8 CVSS · 9.5 AI score · 0.04155 EPSS
Exploits 1 · References 1

NVD
added 2023/11/21 9:15 p.m. · 12 views

CVE-2023-48230

Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant value that is not attacker-controlled,...

9.8 CVSS · 0.04155 EPSS
Exploits 1 · References 3

UbuntuCve
added 2023/11/21 9:15 p.m. · 18 views

CVE-2023-48230

Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant value that is not attacker-controlled,...

9.8 CVSS · 7.9 AI score · 0.04155 EPSS
Exploits 1 · References 2

Prion
added 2023/11/21 9:15 p.m. · 15 views

Heap overflow

Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant value that is not attacker-controlled,...

7.5 CVSS · 7.9 AI score · 0.04155 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2023/11/21 8:53 p.m. · 18 views

CVE-2023-48230 Cap'n Proto WebSocket message can cause crash

Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant value that is not attacker-controlled,...

5.9 CVSS · 9.7 AI score · 0.04155 EPSS
Exploits 1 · References 3

Debian CVE
added 2023/11/21 8:53 p.m. · 28 views

CVE-2023-48230

Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant value that is not attacker-controlled,...

9.8 CVSS · 9.4 AI score · 0.04155 EPSS
Exploits 1

CVE
added 2023/11/21 8:53 p.m. · 58 views

CVE-2023-48230

Cap'n Proto 1.0/1.0.1 with KJ HTTP and WebSocket compression enabled is vulnerable to a remote denial of service: a remote peer can trigger a buffer underrun on a heap-allocated buffer, which writes a constant 4‑byte string { 0x00, 0x00, 0xFF, 0xFF } and can crash the process. The issue is tied t...

9.8 CVSS · 7.8 AI score · 0.04155 EPSS
Exploits 1 · References 3 · Affected Software 1

OSV
added 2023/11/21 8:53 p.m. · 17 views

CVE-2023-48230 Cap'n Proto WebSocket message can cause crash

Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant value that is not attacker-controlled,...

5.9 CVSS · 9.3 AI score · 0.04155 EPSS
Exploits 1 · References 5

Positive Technologies
added 2023/11/21 12:0 a.m. · 4 views

PT-2023-30747 · Unknown · Cap'N Proto +1

Name of the Vulnerable Software and Affected Versions: Cap'n Proto versions 1.0 through 1.0.1 Description: The issue is related to a buffer underrun that can be caused by a remote peer when using the KJ HTTP library with WebSocket compression enabled. This can result in a crash, enabling a remote...

9.8 CVSS · 9.7 AI score · 0.04155 EPSS
Exploits 1 · References 11