CVE-2022-2191

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-2191
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2191.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-2191
Aliases
Downstream
Related
Published
2022-07-07T21:15:10.210Z
Modified
2026-03-13T05:29:12.661391Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

References

Affected packages

Git / github.com/eclipse/jetty.project

Affected ranges

Type
GIT
Repo
https://github.com/eclipse/jetty.project
Events
Introduced
b9645a17373e4e9b7f30b6c0a07defcea2cb660b
Last affected
a9eaf8d5d73369acf610ce88f850c0d56c4b1113
Introduced
432f896d7a4555fcc81f38108757ea0aca8788e6
Last affected
243a48a658a183130a8c8de353178d154ca04f04
Database specific 
{
    "versions": [
        {
            "introduced": "10.0.0"
        },
        {
            "last_affected": "10.0.9"
        },
        {
            "introduced": "11.0.0"
        },
        {
            "last_affected": "11.0.9"
        }
    ]
}

Affected versions

jetty-10.*
jetty-10.0.0
jetty-10.0.1
jetty-10.0.2
jetty-10.0.4
jetty-10.0.5
jetty-10.0.6
jetty-10.0.7
jetty-10.0.8
jetty-11.*
jetty-11.0.0
jetty-11.0.0-alpha0
jetty-11.0.0.beta1
jetty-11.0.0.beta2
jetty-11.0.0.beta3
jetty-11.0.1
jetty-11.0.2
jetty-11.0.4
jetty-11.0.5
jetty-11.0.6
jetty-11.0.7
jetty-11.0.8
jetty-11.0.9
jetty-9.*
jetty-9.4.36.v20210114
jetty-9.4.37.v20210219

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2191.json"