CVE-2022-2191
published 2022-07-07CVE-2022-2191: In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | jetty9 | — | — |
| eclipse | jetty | 10.0.0 – 10.0.9 | — |
| eclipse | jetty | 11.0.0 – 11.0.9 | — |
| the_eclipse_foundation | eclipse_jetty | >= 10.0.0 < unspecified | unspecified |
| the_eclipse_foundation | eclipse_jetty | >= 11.0.0 < unspecified | unspecified |
| the_eclipse_foundation | eclipse_jetty | unspecified – 10.0.9 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH