CVE-2022-2048

Summary

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Jetty9.4.0 < unspecifiedaffected
The Eclipse FoundationEclipse Jettyunspecified <= 9.4.46affected
The Eclipse FoundationEclipse Jetty10.0.0 < unspecifiedaffected
The Eclipse FoundationEclipse Jettyunspecified <= 10.0.9affected
The Eclipse FoundationEclipse Jetty11.0.0 < unspecifiedaffected
The Eclipse FoundationEclipse Jettyunspecified <= 11.0.9affected

Weaknesses

  • CWE-410: CWE-410
  • CWE-664: CWE-664

ADP Enrichment

CVE Program Container

Additional References

References