{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32239", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-11T14:47:05.684Z", "datePublished": "2026-03-12T19:33:25.052Z", "dateUpdated": "2026-03-13T16:15:03.051Z"}, "containers": {"cna": {"title": "Cap'n Proto has an integer overflow in KJ-HTTP", "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "lang": "en", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/capnproto/capnproto/security/advisories/GHSA-qjx3-pp3m-9jpm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/capnproto/capnproto/security/advisories/GHSA-qjx3-pp3m-9jpm"}, {"name": "https://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36", "tags": ["x_refsource_MISC"], "url": "https://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36"}, {"name": "https://github.com/capnproto/capnproto/commit/e929f0ba7901a6b8f4b5ba9a4db00af43288cbb0", "tags": ["x_refsource_MISC"], "url": "https://github.com/capnproto/capnproto/commit/e929f0ba7901a6b8f4b5ba9a4db00af43288cbb0"}, {"name": "https://capnproto.org/capnproto-c++-1.4.0.tar.gz", "tags": ["x_refsource_MISC"], "url": "https://capnproto.org/capnproto-c++-1.4.0.tar.gz"}, {"name": "https://capnproto.org/capnproto-c++-win32-1.4.0.zip", "tags": ["x_refsource_MISC"], "url": "https://capnproto.org/capnproto-c++-win32-1.4.0.zip"}], "affected": [{"vendor": "capnproto", "product": "capnproto", "versions": [{"version": "< 1.4.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-12T19:33:25.052Z"}, "descriptions": [{"lang": "en", "value": "Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0."}], "source": {"advisory": "GHSA-qjx3-pp3m-9jpm", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T16:14:56.683931Z", "id": "CVE-2026-32239", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T16:15:03.051Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Cap'n Proto has an integer overflow in KJ-HTTP", "source": {"advisory": "GHSA-qjx3-pp3m-9jpm", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "capnproto", "product": "capnproto", "versions": [{"status": "affected", "version": "< 1.4.0"}]}], "references": [{"url": "https://github.com/capnproto/capnproto/security/advisories/GHSA-qjx3-pp3m-9jpm", "name": "https://github.com/capnproto/capnproto/security/advisories/GHSA-qjx3-pp3m-9jpm", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36", "name": "https://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/capnproto/capnproto/commit/e929f0ba7901a6b8f4b5ba9a4db00af43288cbb0", "name": "https://github.com/capnproto/capnproto/commit/e929f0ba7901a6b8f4b5ba9a4db00af43288cbb0", "tags": ["x_refsource_MISC"]}, {"url": "https://capnproto.org/capnproto-c++-1.4.0.tar.gz", "name": "https://capnproto.org/capnproto-c++-1.4.0.tar.gz", "tags": ["x_refsource_MISC"]}, {"url": "https://capnproto.org/capnproto-c++-win32-1.4.0.zip", "name": "https://capnproto.org/capnproto-c++-win32-1.4.0.zip", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-444", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-12T19:33:25.052Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32239", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T16:14:56.683931Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-13T16:14:59.764Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-32239", "state": "PUBLISHED", "dateUpdated": "2026-03-12T19:33:25.052Z", "dateReserved": "2026-03-11T14:47:05.684Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-12T19:33:25.052Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0."}], "id": "CVE-2026-32239", "lastModified": "2026-03-12T21:07:53.427", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-12T20:16:05.010", "references": [{"source": "[email protected]", "url": "https://capnproto.org/capnproto-c++-1.4.0.tar.gz"}, {"source": "[email protected]", "url": "https://capnproto.org/capnproto-c++-win32-1.4.0.zip"}, {"source": "[email protected]", "url": "https://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36"}, {"source": "[email protected]", "url": "https://github.com/capnproto/capnproto/commit/e929f0ba7901a6b8f4b5ba9a4db00af43288cbb0"}, {"source": "[email protected]", "url": "https://github.com/capnproto/capnproto/security/advisories/GHSA-qjx3-pp3m-9jpm"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-444"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "capnproto: Cap'n Proto has an integer overflow in KJ-HTTP", "id": "2447106", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447106"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-681", "details": ["A flaw was found in the KJ-HTTP component of Cap\u2019n Proto. When processing HTTP messages, a negative Content-Length value could be implicitly converted to an unsigned integer, resulting in an extremely large length value. An attacker could exploit this behavior by sending specially crafted HTTP messages containing negative Content-Length values. This may lead to inconsistent interpretation of HTTP message boundaries and could theoretically enable HTTP request or response smuggling scenarios in applications that rely on Cap\u2019n Proto\u2019s HTTP implementation."], "mitigation": {"lang": "en:us", "value": "Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security's standards for usability, deployment, applicability, or stability."}, "name": "CVE-2026-32239", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "capnproto", "product_name": "Red Hat Enterprise Linux 10"}], "public_date": "2026-03-12T19:33:25Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-32239\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32239\nhttps://capnproto.org/capnproto-c++-1.4.0.tar.gz\nhttps://capnproto.org/capnproto-c++-win32-1.4.0.zip\nhttps://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36\nhttps://github.com/capnproto/capnproto/commit/e929f0ba7901a6b8f4b5ba9a4db00af43288cbb0\nhttps://github.com/capnproto/capnproto/security/advisories/GHSA-qjx3-pp3m-9jpm"], "statement": "This issue is rated Moderate severity by Red Hat Product Security, because exploitation requires the attacker to craft malformed HTTP messages containing negative Content-Length values that trigger the integer conversion behavior in the KJ-HTTP parser. Such malformed inputs are not typically generated during normal HTTP communication and may be rejected or normalized by intermediate HTTP components such as proxies or load balancers or front-end servers before reaching the affected parser. The potential impact is also limited to inconsistent interpretation of HTTP request boundaries, which could enable limited request smuggling scenarios depending on application architecture. The vulnerability does not directly allow remote code execution or service crashes.", "threat_severity": "Moderate"}