netty-incubator-codec-ohttp up to 0.0.12 HTTP Protocol readRequestHead server-side request forgery

Summaryinfo

A vulnerability, which was classified as critical, was found in netty-incubator-codec-ohttp up to 0.0.12. The impacted element is the function readRequestHead of the component HTTP Protocol Handler. The manipulation results in server-side request forgery. This vulnerability was named CVE-2024-40642. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, was found in netty-incubator-codec-ohttp up to 0.0.12. Affected is the function readRequestHead of the component HTTP Protocol Handler. The manipulation with an unknown input leads to a server-side request forgery vulnerability. CWE is classifying the issue as CWE-918. The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

The netty incubator codec.bhttp is a java language binary http parser. In affected versions the `BinaryHttpParser` class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issues individually to perform various injection attacks including HTTP request smuggling, desync attacks, HTTP header injections, request queue poisoning, caching attacks and Server Side Request Forgery (SSRF). Attacker could also combine several issues to create well-formed messages for other text-based protocols which may result in attacks beyond the HTTP protocol. The BinaryHttpParser class implements the readRequestHead method which performs most of the relevant parsing of the received request. The data structure prefixes values with a variable length integer value. The parsing code below first gets the lengths of the values from the prefixed variable length integer. After it has all of the lengths and calculates all of the indices, the parser casts the applicable slices of the ByteBuf to String. Finally, it passes these values into a new `DefaultBinaryHttpRequest` object where no further parsing or validation occurs. Method is partially validated while other values are not validated at all. Software that relies on netty to apply input validation for binary HTTP data may be vulnerable to various injection and protocol based attacks. This issue has been addressed in version 0.0.13.Final. Users are advised to upgrade. There are no known workarounds for this vulnerability.

The advisory is available at github.com. This vulnerability is traded as CVE-2024-40642 since 07/08/2024. The exploitability is told to be difficult. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details are known, but there is no available exploit.

Upgrading to version 0.0.13.Final eliminates this vulnerability. Applying the patch b687a0cf6ea1030232ea204d73bce82f2698e571 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Name

• netty-incubator-codec-ohttp

Version

• 0.0.1
• 0.0.2
• 0.0.3
• 0.0.4
• 0.0.5
• 0.0.6
• 0.0.7
• 0.0.8
• 0.0.9
• 0.0.10
• 0.0.11
• 0.0.12

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion