CVE-2026-41207 in netty-incubator-codec-ohttpinfo

Summary

by MITRE • 06/04/2026

The netty incubator codec.bhttp is a Java language binary HTTP parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVP_HPKE_CTX_export fails it also returns an empty byte[] array filled with zeros. This byte[] feeds directly into OHttpCrypto.createResponseAEAD(...). A silent all-zero export secret would produce a deterministic, attacker-predictable AEAD key. Version 0.0.21.Final patches the issue.


Analysis

by VulDB Data Team • 06/04/2026

The vulnerability affects the netty incubator codec.bhttp library, a Java-based binary HTTP parser component. The flaw lies in the library's HKDF (HMAC-based Extract-and-Expand Key Derivation Function) implementation: in versions prior to 0.0.21.Final, the HKDF_expand function returns a non-null value even when the operation fails. The returned byte array is filled with zeros while the return value signals success, so calling code cannot distinguish a successful derivation from a failed one.

The root cause is improper error handling in the HKDF expansion mechanism: failure conditions are not propagated to the calling functions. Likewise, when the EVP_HPKE_CTX_export function fails it returns an empty byte array filled entirely with zeros rather than signalling failure through an error code or exception. That output feeds directly into the OHttpCrypto.createResponseAEAD method, which consumes the corrupted key material. The consequence is severe: the response AEAD (Authenticated Encryption with Associated Data) key becomes deterministic and attacker-predictable. Predictable encryption keys are a fundamental breakdown of cryptographic security, allowing an attacker to compromise the confidentiality and integrity of the encrypted communication.

The operational impact is significant for any system using an affected version of the library: the cryptographic failure is silent, and an attacker may be able to predict and manipulate the keys used to protect HTTP responses. The vulnerability is classified under the CWE-254 weakness category, which here covers security flaws related to improper error handling in cryptographic operations. It also maps to ATT&CK technique T1552.001 (unsecured credentials), since the predictable all-zero key amounts to a form of credential compromise. In effect a cryptographic failure becomes a predictable weakness that lets an attacker bypass the encryption and potentially read or manipulate sensitive HTTP response data. The fix in version 0.0.21.Final handles error conditions in the HKDF expansion process correctly, so that failures are propagated and the system no longer silently produces deterministic cryptographic keys.
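The two failure modes the analysis describes (an expand step and a secret-export step that hand back zero-filled buffers instead of an error) can be contrasted with a fail-closed version. The following is an added illustration in plain Python using only the standard library, not code from netty-incubator-codec-ohttp or BoringSSL; the HKDF implementation follows RFC 5869, while the function names, key layout and info label are constructed for the example.

```python
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256

class KeyDerivationError(Exception):
    """Raised when export or expansion cannot produce usable key material."""

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 Extract with HMAC-SHA256 (empty salt -> HashLen zero bytes)."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 Expand; raises ValueError when length is outside 1..255*HashLen."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("HKDF-Expand length out of range")
    okm, block = b"", b""
    for counter in range(1, -(-length // HASH_LEN) + 1):  # ceil(length / HashLen) blocks
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]

def expand_silent(prk: bytes, info: bytes, length: int) -> bytes:
    """Pre-fix pattern: a failure yields a zero-filled buffer that looks like success."""
    try:
        return hkdf_expand(prk, info, length)
    except ValueError:
        return bytes(length)  # caller receives a "valid" array of zeros

def expand_fail_closed(prk: bytes, info: bytes, length: int) -> bytes:
    """Fixed pattern: failures propagate; all-zero output is rejected as defence in depth."""
    try:
        okm = hkdf_expand(prk, info, length)
    except ValueError as exc:
        raise KeyDerivationError("HKDF-Expand failed") from exc
    if not any(okm):
        raise KeyDerivationError("HKDF-Expand produced all-zero key material")
    return okm

def response_aead_key(export_secret: bytes, nonce: bytes, fail_closed: bool = True) -> bytes:
    """Derive a 32-byte response AEAD key from an HPKE export secret (constructed layout)."""
    # A zero-filled export_secret is what a silently failed export hands over. With
    # fail_closed=False the key then depends only on the public nonce, so anyone can recompute it.
    if fail_closed and not any(export_secret):
        raise KeyDerivationError("export secret is empty or all zeros")
    prk = hkdf_extract(nonce, export_secret)
    expand = expand_fail_closed if fail_closed else expand_silent
    return expand(prk, b"constructed-ohttp-response-key", 32)
```

With fail_closed=False, response_aead_key(bytes(32), nonce) returns the same key for every session that shares a nonce, which is the predictable-key condition the advisory describes; with the default fail_closed=True the same call raises instead.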

Responsible

GitHub M

Reservation

04/18/2026

Disclosure

06/04/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

low
