CVE-2022-2191

Exploit

EPSS 0.5%
Veröffentlicht 07.07.2022 21:15:10
Zuletzt bearbeitet 21.11.2024 07:00:30
Quelle emo@eclipse.org
CVE-Watchlists
Login
Unerledigt
Login

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eclipse ≫ Jetty Version >= 10.0.0 <= 10.0.9

Eclipse ≫ Jetty Version >= 11.0.0 <= 11.0.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.5%	0.649

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
emo@eclipse.org	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

CWE-664 Improper Control of a Resource Through its Lifetime

The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28

Vendor Advisory

Exploit

https://security.netapp.com/advisory/ntap-20220909-0003/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-2191

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2191

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2191

EUVD