Bug 2447106 (CVE-2026-32239)
| Summary: | CVE-2026-32239 capnproto: Cap'n Proto has an integer overflow in KJ-HTTP | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A flaw was found in the KJ-HTTP component of Cap’n Proto. When processing HTTP messages, a negative Content-Length value could be implicitly converted to an unsigned integer, resulting in an extremely large length value. An attacker could exploit this behavior by sending specially crafted HTTP messages containing negative Content-Length values. This may lead to inconsistent interpretation of HTTP message boundaries and could theoretically enable HTTP request or response smuggling scenarios in applications that rely on Cap’n Proto’s HTTP implementation. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2447306, 2447307 | | |
| Bug Blocks: | | | |
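The Doc Text above describes a negative Content-Length being implicitly converted to an unsigned length. The C++ below is an added illustration of that bug class and its fix; it is not KJ-HTTP's code and not the upstream patch, and the function names are hypothetical. The first parser reads the header as a signed number and stores it in an unsigned type, so "-1" becomes the largest 64-bit value; the second accepts only the digit-only grammar RFC 9110 gives for Content-Length (`1*DIGIT`), rejects a sign, stray characters and overflow, and returns "no value" so the caller has to reject the message instead of framing it with a bogus length.

```cpp
#include <cstdint>
#include <cstdlib>
#include <limits>
#include <optional>
#include <string>
#include <string_view>

// Illustrative only (not KJ-HTTP's implementation): the value is the raw
// text of a Content-Length header, e.g. "1234" or "-1".

// Vulnerable pattern: parse as signed, then assign to an unsigned length.
// On a 64-bit build "-1" becomes 18446744073709551615.
uint64_t parseContentLengthVulnerable(std::string_view value) {
  long long n = std::strtoll(std::string(value).c_str(), nullptr, 10);
  uint64_t length = n;  // implicit signed -> unsigned conversion wraps
  return length;
}

// Hardened pattern: only ASCII digits are allowed (RFC 9110 Content-Length
// is 1*DIGIT), so a leading '-' or '+', whitespace, an empty value and any
// value that would overflow uint64_t are all rejected with std::nullopt.
std::optional<uint64_t> parseContentLengthSafe(std::string_view value) {
  if (value.empty()) return std::nullopt;
  uint64_t result = 0;
  for (char c : value) {
    if (c < '0' || c > '9') return std::nullopt;
    uint64_t digit = static_cast<uint64_t>(c - '0');
    // Overflow check before multiplying: result*10 + digit must fit.
    if (result > (std::numeric_limits<uint64_t>::max() - digit) / 10) {
      return std::nullopt;
    }
    result = result * 10 + digit;
  }
  return result;
}

// Detection helper for the bug class: true when the vulnerable parser
// produced a length no real message can have (above INT64_MAX), which is
// exactly what a wrapped negative value looks like.
bool wrappedNegative(std::string_view value) {
  return parseContentLengthVulnerable(value) >
         static_cast<uint64_t>(std::numeric_limits<int64_t>::max());
}

int main() {
  // "-1" wraps in the vulnerable parser and is rejected by the safe one.
  bool demoOk = wrappedNegative("-1") && !parseContentLengthSafe("-1").has_value() &&
                parseContentLengthSafe("1234").value_or(0) == 1234;
  return demoOk ? 0 : 1;
}
```

The check in `parseContentLengthSafe` is the same one any HTTP parser that computes message boundaries should apply before trusting a length: grammar first, then range, and no path on which a rejected value still reaches the framing logic.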
Description
OSIDB Bzimport
2026-03-12 20:01:26 UTC
Upstream Advisory: https://github.com/capnproto/capnproto/security/advisories/GHSA-qjx3-pp3m-9jpm
Upstream Commits:
master (1.x) branch: https://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36
v2 branch: https://github.com/capnproto/capnproto/commit/e929f0ba7901a6b8f4b5ba9a4db00af43288cbb0