Hanjeouk

#19938 of 53,624
13 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2026-25068
6.5
2026-03-12
Unknown · Cap'N Proto · CVE-2026-32239
**Name of the Vulnerable Software and Affected Versions**
Cap'n Proto versions prior to 1.4.0

**Description**
Cap'n Proto is a data interchange format and capability-based RPC system. Prior to version 1.4.0, a negative `Content-Length` value was converted to unsigned, resulting in it being treated as an impossibly large length. This could potentially enable HTTP request/response smuggling. The issue is related to integer overflow in KJ-HTTP.

**Recommendations**
Update to Cap'n Proto version 1.4.0 or later.
PT-2026-25069
6.5
2026-03-12
Capnproto · Cap'N Proto · CVE-2026-32240
**Name of the Vulnerable Software and Affected Versions**
Cap'n Proto versions prior to 1.4.0

**Description**
Cap'n Proto is a data interchange format and capability-based RPC system. Prior to version 1.4.0, when using `Transfer-Encoding: chunked`, if a chunk's size was parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. This could potentially enable HTTP request/response smuggling. The issue is related to the parsing of chunk sizes in HTTP requests when the `Transfer-Encoding` is set to `chunked`.

**Recommendations**
Versions prior to 1.4.0 should be updated to version 1.4.0 or later.