CVE-2026-48040: Netty Jni Direct Buffer Offset Bypass
A native memory pointer is retrieved from a Netty ByteBuf by fallback to `internalNioBuffer(0, buffer.capacity())`. JNI's `GetDirectBufferAddress` returns the base address of the shared chunk. By passing the full capacity and ignoring the explicit slice offset (`ByteBuffer.position()`), out-of-bounds access happens on pooled buffers. Calculate memory address
Javaβgreprules fetch cve-2026-48040-netty-jni-direct-buffer-offset-bypass --engine opengrepDescription
A native memory pointer is retrieved from a Netty ByteBuf by fallback to `internalNioBuffer(0, buffer.capacity())`. JNI's `GetDirectBufferAddress` returns the base address of the shared chunk. By passing the full capacity and ignoring the explicit slice offset (`ByteBuffer.position()`), out-of-bounds access happens on pooled buffers. Calculate memory address
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0