VYPR

Netty Incubator Codec Ohttp

by Netty

Source repositories

CVEs (3)

  • CVE-2026-48040CriJun 4, 2026
    risk 0.52cvss 9.1epss 0.00

    The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriving native memory addresses for cryptographic operations versions prior to 0.0.22.Final provide a fallback…

  • CVE-2026-48480MedJun 4, 2026
    risk 0.36cvss epss 0.00

    The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates.…

  • CVE-2026-41207MedJun 4, 2026
    risk 0.27cvss 5.3epss 0.00

    The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for…