Shombo

PT-2024-28960
CVSS: 8.1
Published: 2024-07-18
Netty · Netty · CVE-2024-40642
**Name of the Vulnerable Software and Affected Versions**

netty incubator codec.bhttp, versions prior to 0.0.13.Final

**Description**

The `BinaryHttpParser` class does not properly validate input values, giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several of these issues individually to perform various injection attacks, including HTTP request smuggling, desync attacks, HTTP header injection, request queue poisoning, caching attacks, and Server Side Request Forgery (SSRF).

The `BinaryHttpParser` class implements the `readRequestHead` method, which performs most of the relevant parsing of the received request. The data structure prefixes each value with a variable-length integer. The parsing code first reads the length of each value from that prefix, then casts the corresponding slice of the `ByteBuf` to a `String`, and finally passes these values into a new `DefaultBinaryHttpRequest` object, where no further parsing or validation occurs. The method is partially validated, while the other values are not validated at all. Software that relies on netty to apply input validation for binary HTTP data may therefore be vulnerable to various injection and protocol-based attacks.

**Recommendations**

For versions prior to 0.0.13.Final, upgrade to version 0.0.13.Final to address the issue. There are no known workarounds for this vulnerability. As a temporary workaround, consider restricting the use of the `BinaryHttpParser` class until a patch is available. Avoid using the `readRequestHead` method of the `BinaryHttpParser` class until the issue is resolved. Restrict access to the `DefaultBinaryHttpRequest` object to minimize the risk of exploitation.
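As an added illustration (not netty's code, and not taken from the advisory), the following standalone Python parser reads the control data and header section of a known-length binary HTTP request, using the varint length prefixes the description outlines, and applies the validation that `readRequestHead` is described as skipping: it bounds-checks every length prefix against the buffer, requires the method and header names to be HTTP tokens, and rejects CR, LF and NUL in every value before anything is handed on. The `encode` helper and the two sample requests are constructed for the example.

```python
import re
# RFC 9110 token (method, header name) and a field value free of CR, LF, NUL and other controls.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
VALUE = re.compile(rb"[\t\x20-\x7e\x80-\xff]*")

def read_varint(buf, pos):  # QUIC-style varint: top two bits of the first byte give the width
    if pos >= len(buf) or pos + (width := 1 << (buf[pos] >> 6)) > len(buf):
        raise ValueError("truncated varint")
    value = buf[pos] & 0x3F
    for b in buf[pos + 1:pos + width]:
        value = (value << 8) | b
    return value, pos + width

def read_string(buf, pos):  # length-prefixed byte string; the prefix must not run past the buffer
    n, pos = read_varint(buf, pos)
    if pos + n > len(buf):
        raise ValueError("length prefix exceeds buffer")
    return bytes(buf[pos:pos + n]), pos + n

def parse_request_head(buf):
    """Parse control data and header section of a known-length request, validating each field."""
    framing, pos = read_varint(buf, 0)
    if framing != 0:
        raise ValueError("not a known-length request")
    method, pos = read_string(buf, pos)
    scheme, pos = read_string(buf, pos)
    authority, pos = read_string(buf, pos)
    path, pos = read_string(buf, pos)
    if not TOKEN.fullmatch(method):
        raise ValueError("method is not an HTTP token")
    for label, v in (("scheme", scheme), ("authority", authority), ("path", path)):
        if not VALUE.fullmatch(v) or b" " in v:
            raise ValueError(f"{label} contains CR, LF, NUL or space")
    section_len, pos = read_varint(buf, pos)
    end, headers = pos + section_len, []
    while pos < end:
        name, pos = read_string(buf, pos)
        value, pos = read_string(buf, pos)
        if not TOKEN.fullmatch(name) or name != name.lower() or not VALUE.fullmatch(value):
            raise ValueError(f"bad header field {name!r}")
        headers.append((name, value))
    if pos != end:
        raise ValueError("header section length mismatch")
    return method, scheme, authority, path, headers

def encode(*fields):  # constructed helper: one-byte varint prefixes, so lengths must stay below 64
    return b"".join(bytes([len(f)]) + f for f in fields)
# Constructed samples: a clean request, and one whose path carries a CRLF and a spurious header line.
GOOD = b"\x00" + encode(b"GET", b"https", b"example.com", b"/index.html") + encode(encode(b"host", b"example.com"))
BAD_PATH = b"\x00" + encode(b"GET", b"https", b"example.com", b"/x\r\nx-injected: 1") + encode(b"")
```

`parse_request_head(GOOD)` returns the five parsed components, while `BAD_PATH` is rejected at the path check rather than being turned into a request object.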