CVE-2026-48480: Netty OHTTP Missing Final Chunk Check

Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | Java | β
greprules fetch cve-2026-48480-netty-ohttp-missing-final-chunk-check --engine opengrep

Description

The OHTTP chunked message parser does not track whether a final chunk was received before the outer HTTP body completes. An on-path adversary can forward a truncated chunked message that terminates at a non-final chunk boundary without producing a decryption error. Check if a final chunk was processed across the message stream, and throw an exception if the
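
The check described above, as an added example that is not Netty's code or part of the rule. It assumes a simplified framing (a one-byte length prefix, with 0 marking the final chunk that runs to the end of the body) and omits HPKE decryption; all class and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;

/** Added illustration with simplified framing; not the real OHTTP wire format. */
public class FinalChunkCheck {
    static class TruncatedMessageException extends IOException {
        TruncatedMessageException(String message) { super(message); }
    }

    /** Reads chunks until the outer body ends and rejects a body with no final chunk. */
    static List<byte[]> readAll(InputStream body) throws IOException {
        List<byte[]> chunks = new ArrayList<>();
        boolean finalSeen = false;
        int len;
        while ((len = body.read()) != -1) {
            if (len == 0) {
                // Final-chunk marker: the rest of the body is the final chunk.
                chunks.add(body.readAllBytes());
                finalSeen = true;
            } else {
                byte[] chunk = body.readNBytes(len);
                if (chunk.length != len) {
                    throw new TruncatedMessageException("body ended inside a chunk");
                }
                chunks.add(chunk);
            }
        }
        // End of body at a clean chunk boundary is not proof of completeness:
        // without this check a stream cut after a non-final chunk is accepted.
        if (!finalSeen) {
            throw new TruncatedMessageException("body ended before a final chunk");
        }
        return chunks;
    }

    public static void main(String[] args) throws IOException {
        byte[] full = {3, 'a', 'b', 'c', 2, 'd', 'e', 0, 'f', 'g'}; // constructed sample
        byte[] cut = {3, 'a', 'b', 'c', 2, 'd', 'e'};               // cut at a non-final boundary
        System.out.println("full: " + readAll(new ByteArrayInputStream(full)).size() + " chunks");
        try {
            readAll(new ByteArrayInputStream(cut));
            System.out.println("cut: accepted");
        } catch (TruncatedMessageException e) {
            System.out.println("cut: rejected, " + e.getMessage());
        }
    }
}
```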