Home

CVE-2022-2191

Description

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.659

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2022-2191 are fixed in Eclipse-jetty-server 11.0.10Windows
Vulnerabilities CVE-2022-2191 are fixed in Eclipse-jetty-server 10.0.10Windows
Vulnerabilities CVE-2022-2191 are fixed in Eclipse-jetty-server for Linux 11.0.10Linux
Vulnerabilities CVE-2022-2191 are fixed in Eclipse-jetty-server for Linux 10.0.10Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234