A flaw was found in Jetty http2-hpack and http3-qpack. If header values exceed the size limit and Huffman is true, the multiplication in MetaDataBuilder.checkSize will overflow, and the length will become negative, causing a large buffer allocation on the server, leading to a Denial of Service (DoS) attack.
No mitigations are currently available for this vulnerability.
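The overflow pattern described above, as an added Java example that is not Jetty's source code: the 4/3 Huffman expansion estimate, the 8192-byte limit, the sample length and all names are assumptions chosen for illustration. It puts a size check that wraps in 32-bit arithmetic beside one that widens to long before comparing.

```java
// Added illustration, not Jetty's source. The 4/3 Huffman estimate, the limit,
// the sample length and every name here are assumptions for this example.
public class HeaderSizeCheck {
    static final int MAX_SIZE = 8192; // constructed header-size limit

    // Unchecked form: the int multiplication wraps silently, so a very large
    // declared length turns negative and slips under the limit comparison.
    static int uncheckedSize(int size, int length, boolean huffman) {
        if (huffman)
            length = (length * 4) / 3;
        if (size + length > MAX_SIZE)
            throw new IllegalArgumentException("header too large");
        return length;
    }

    // Hardened form: reject negative input and do the arithmetic in long,
    // so the estimate cannot wrap before it is compared with the limit.
    static int checkedSize(int size, int length, boolean huffman) {
        if (size < 0 || length < 0)
            throw new IllegalArgumentException("negative size or length");
        long estimate = huffman ? ((long) length * 4) / 3 : length;
        if (size + estimate > MAX_SIZE)
            throw new IllegalArgumentException("header too large");
        return (int) estimate; // safe: estimate <= MAX_SIZE here
    }

    public static void main(String[] args) {
        int declared = 1 << 29; // constructed length; times 4 exceeds Integer.MAX_VALUE
        System.out.println("unchecked: " + uncheckedSize(0, declared, true));
        try {
            System.out.println("checked: " + checkedSize(0, declared, true));
        } catch (IllegalArgumentException e) {
            System.out.println("checked: rejected (" + e.getMessage() + ")");
        }
    }
}
```

The unchecked call returns a negative length instead of throwing, which is the condition the description ties to the oversized allocation; the checked call rejects the same input.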
bugzilla.redhat.com/show_bug.cgi?id=2243123
github.com/eclipse/jetty.project/pull/9634
github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16
github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16
github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009
github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r
nvd.nist.gov/vuln/detail/CVE-2023-36478
www.cve.org/CVERecord?id=CVE-2023-36478