Netty Netty-incubator-codec-ohttp
5 CVEs affecting Netty Netty-incubator-codec-ohttp. Latest disclosed: 2026-06-04. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-48040 | Critical | 9.1 | 2026-06-04 | The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JN… |
CVE-2024-40642 | High | 8.1 | 2024-07-18 | The netty incubator codec.bhttp is a java language binary http parser. In affected versions the `BinaryHttpParser` class does not properly validate input value… |
CVE-2024-36121 | Medium | 5.9 | 2024-06-04 | netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this s… |
CVE-2026-41207 | Medium | 5.3 | 2026-06-04 | The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is fi… |
CVE-2026-48480 | | 2026-06-04 | The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked… |