Bug 2447117 (CVE-2026-32240)
| Summary: | CVE-2026-32240 capnproto: Cap'n Proto: Integer overflow in KJ-HTTP chunk size | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in the KJ-HTTP component of Cap’n Proto when processing HTTP messages that use Transfer-Encoding: chunked. If a chunk size is parsed as a value equal to or greater than 2^64, the value may be truncated when converted to a 64-bit integer. An attacker could exploit this behavior by sending specially crafted HTTP messages containing excessively large chunk sizes. This may cause incorrect interpretation of HTTP message boundaries and could theoretically enable HTTP request or response smuggling in applications that rely on the affected HTTP implementation.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-03-12 20:02:03 UTC
Upstream Advisory: https://github.com/capnproto/capnproto/security/advisories/GHSA-vpcq-mx5v-32wm Upstream Commits: master (1.x) branch: https://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36 v2 branch: https://github.com/capnproto/capnproto/commit/e929f0ba7901a6b8f4b5ba9a4db00af43288cbb0 |