CVE-2022-2191

Summary

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Jetty10.0.0 < unspecifiedaffected
The Eclipse FoundationEclipse Jettyunspecified <= 10.0.9affected
The Eclipse FoundationEclipse Jetty11.0.0 < unspecifiedaffected
The Eclipse FoundationEclipse Jettyunspecified <= 11.0.9affected

Weaknesses

  • CWE-404: CWE-404
  • CWE-664: CWE-664

ADP Enrichment

CVE Program Container

Additional References

References