Lucene search
K

5 matches found

OSV
OSV
added 2026/06/23 9:59 p.m.5 views

GHSA-R6FJ-869H-4F6Q OHttpVersionChunkDraft: Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation

The codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversary the OHTTP relay itself, or any MITM on the relay↔gateway or relay↔client transport can forward a...

8.7CVSS5.9AI score0.00167EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/04 5:39 p.m.32 views

CVE-2026-48480 netty-incubator-codec-ohttp OHttpVersionChunkDraft's Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversar...

8.7CVSS0.00167EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 5:39 p.m.13 views

CVE-2026-48480 netty-incubator-codec-ohttp OHttpVersionChunkDraft's Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversar...

8.7CVSS5.8AI score0.00167EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 5:39 p.m.24 views

CVE-2026-48480

The CVE concerns the netty incubator codec.bhttp (codec-ohttp) where, prior to 0.0.22.Final, the implementation of draft-ietf-ohai-chunked-ohttp fails to verify that a cryptographically-signed final chunk was received before the outer HTTP body ends. This allows an on-path adversary (OHTTP relay ...

8.7CVSS5.8AI score0.00167EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 5:39 p.m.4 views

CVE-2026-48480 netty-incubator-codec-ohttp OHttpVersionChunkDraft's Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversar...

8.7CVSS6AI score0.00167EPSS
Exploits0References4
Rows per page
Query Builder