Description
The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVP_HPKE_CTX_export fails it also returns an empty byte[] array filled with zeros. This byte[] feeds directly into OHttpCrypto.createResponseAEAD(...). A silent all-zero export secret would produce a deterministic, attacker-predictable AEAD key. Version 0.0.21.Final patches the issue.
Published: 2026-06-04
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in the netty incubator codec.ohttp library, where failure of HKDF_expand or EVP_HPKE_CTX_export silently produces a byte array filled with zeros. This zeroed key material is then used directly as the AEAD key for HTTP response encryption. Because the key is deterministic and attacker‑predictable, an adversary can potentially decrypt or forge encrypted responses, compromising the confidentiality and integrity of communications handled by applications that rely on this library. The weakness is a cryptographic key management flaw and is catalogued as CWE‑330.

Affected Systems

netty:netty-incubator-codec-ohttp versions earlier than 0.0.21.Final are affected. The issue was fixed in 0.0.21.Final, which ensures that HKDF_expand and EVP_HPKE_CTX_export return non‑NULL key material on failure.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, and there is no EPSS score available, so the likelihood of exploitation is uncertain but not negligible. The vulnerability is not listed in CISA KEV. Attack directly against the library would require the attacker to influence the DP library, potentially by crafting input that triggers failure or by controlling the library build. If such injection or control is possible, the attacker could observe the use of a zero‑key and then exploit the weakened encryption for later traffic. Otherwise, the risk is limited to environments that fail silently, especially if no additional validation of key material exists.

Generated by OpenCVE AI on June 4, 2026 at 18:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade netty-incubator-codec-ohttp to version 0.0.21.Final or later, which patches the key generation logic.
  • Recompile all dependent projects to incorporate the patched library version, ensuring that no legacy code paths remain.
  • Implement additional validation in the cryptographic initialization routine to detect zero or null key material and reject it before use; optionally log warning messages when a key of all zeros is generated.

Generated by OpenCVE AI on June 4, 2026 at 18:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-f659-372h-6x3x netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures
History

Mon, 08 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:netty:netty-incubator-codec-ohttp:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Thu, 04 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Netty
Netty netty-incubator-codec-ohttp
Vendors & Products Netty
Netty netty-incubator-codec-ohttp

Thu, 04 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVP_HPKE_CTX_export fails it also returns an empty byte[] array filled with zeros. This byte[] feeds directly into OHttpCrypto.createResponseAEAD(...). A silent all-zero export secret would produce a deterministic, attacker-predictable AEAD key. Version 0.0.21.Final patches the issue.
Title netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures
Weaknesses CWE-330
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Netty Netty-incubator-codec-ohttp
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-08T14:17:59.857Z

Reserved: 2026-04-18T02:51:52.974Z

Link: CVE-2026-41207

cve-icon Vulnrichment

Updated: 2026-06-08T14:17:55.860Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-04T18:16:30.433

Modified: 2026-06-05T21:01:26.883

Link: CVE-2026-41207

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-04T19:00:14Z

Weaknesses
  • CWE-330

    Use of Insufficiently Random Values