31 matches found
EUVD-2007-1938
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-2191
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case...
PT-2025-20402 · Eclipse · Eclipse Jetty
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 12.0.0 through 12.0.16 Description: The issue arises when an HTTP/2 client specifies a very large value for the HTTP/2 settings parameter SETTINGS MAX HEADER LIST SIZE. The Jetty HTTP/2 server fails to validate this...
PT-2023-35614 · Unknown · Checkstyle
Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs in the JavaLanguageParser.expr function, potentially related to the handling of ByteBuffer positions and UTF-8 updates. Recommendations: At the moment, there ...
OSV-2023-1152 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64130 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/java.nio.ByteBuffer.position java.base/sun.nio.cs.UTF8.updatePositions...
OSV-2022-852 Security exception in java.base/java.nio.Bits.reserveMemory
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51044 Crash type: Security exception Crash state: java.base/java.nio.Bits.reserveMemory java.base/java.nio.DirectByteBuffer. java.base/java.nio.ByteBuffer.allocateDirect...
PT-2022-37253 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java affected versions not specified Description: The issue is related to a security exception in Java, specifically in the java.nio package. The crash occurs in the reserveMemory function of java.nio.Bits, which is called by...
GHSA-8MPP-F3F7-XC28 Jetty SslConnection does not release pooled ByteBuffers in case of errors
Impact SslConnection does not release ByteBuffers in case of error code paths. For example, TLS handshakes that require client-auth with clients that send expired certificates will trigger a TLS handshake errors and the ByteBuffers used to process the TLS handshake will be leaked. Workarounds...
Jetty SslConnection does not release pooled ByteBuffers in case of errors
Impact SslConnection does not release ByteBuffers in case of error code paths. For example, TLS handshakes that require client-auth with clients that send expired certificates will trigger a TLS handshake errors and the ByteBuffers used to process the TLS handshake will be leaked. Workarounds...
PT-2022-6930 · Eclipse · Eclipse Jetty
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 10.0.0 through 10.0.9 Eclipse Jetty versions 11.0.0 through 11.0.9 Description: The issue is related to the SslConnection component of the Eclipse Jetty servlet container, which is associated with resource release error...
Eclipse Jetty 安全漏洞
Eclipse Jetty is an open source, Java-based Web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty, which stems from a pooled ByteBuffer that is not freed by SslConnection, and affects the following products and versions: versions 10.0....
CVE-2022-24197
iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service DoS via a crafted PDF file...
Jetty 9.4.27 < 9.4.30 Buffer Overflow
The version of Jetty installed on the remote host when handling too large response headers throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two...
OSV-2021-494 Heap-buffer-overflow in AK::ByteBuffer::overwrite
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31698 Crash type: Heap-buffer-overflow READ 1 Crash state: AK::ByteBuffer::overwrite Crypto::PK::RSA::parsersakey FuzzRSAKeyParsing.cpp...
jetty: double release of resource can lead to information disclosure
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
jetty: double release of resource can lead to information disclosure
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
GHSA-X3RH-M7VP-35F2 Operation on a Resource after Expiration or Release in Jetty Server
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
Operation on a Resource after Expiration or Release in Jetty Server
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
CVE-2019-17638
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
Eclipse Jetty Vulnerability (CVE-2019-17638) - Windows
Eclipse Jetty is prone to a vulnerability where sensitive information about clients could be obtained. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...