CVE-2022-2191

Exploit

EPSS 0.49%
Published 07.07.2022 21:15:10
Last modified 21.11.2024 07:00:30
Source emo@eclipse.org
Teams watchlist Login
Open Login

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

Affected products Warnungen 0 Metrics 4 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Eclipse ≫ Jetty Version >= 10.0.0 <= 10.0.9

Eclipse ≫ Jetty Version >= 11.0.0 <= 11.0.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.49%	0.649

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
emo@eclipse.org	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

CWE-664 Improper Control of a Resource Through its Lifetime

The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28

Vendor Advisory

Exploit

https://security.netapp.com/advisory/ntap-20220909-0003/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-2191

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2191

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2191

EUVD