CVE-2021-28165

Summary

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Jetty7.2.2 < unspecifiedaffected
The Eclipse FoundationEclipse Jettyunspecified <= 9.4.38affected
The Eclipse FoundationEclipse Jetty10.0.0.alpha0 < unspecifiedaffected
The Eclipse FoundationEclipse Jettyunspecified <= 10.0.1affected
The Eclipse FoundationEclipse Jetty11.0.0.alpha0 < unspecifiedaffected
The Eclipse FoundationEclipse Jettyunspecified <= 11.0.1affected

Weaknesses

  • CWE-400: CWE-400
  • CWE-551: CWE-551

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References