CVE-2024-22201

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-22201

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-22201.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-22201

Aliases

GHSA-rggv-cv7r-mw98

Related

Published

2024-02-26T16:27:56Z

Modified

2025-02-13T19:53:07.270858Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

References

Affected packages

Debian:11 / jetty9

Package

Name: jetty9
Purl: pkg:deb/debian/jetty9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.50-4+deb11u2

Affected versions

9.*

9.4.39-3

9.4.39-3+deb11u1

9.4.39-3+deb11u2

9.4.44-1

9.4.44-2

9.4.44-3

9.4.44-4

9.4.45-1

9.4.46-1

9.4.48-1

9.4.49-1

9.4.49-1.1

9.4.50-1~bpo11+1

9.4.50-1

9.4.50-2

9.4.50-3

9.4.50-4

9.4.50-4+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / jetty9

Package

Name: jetty9
Purl: pkg:deb/debian/jetty9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.50-4+deb12u3

Affected versions

9.*

9.4.50-4

9.4.50-4+deb12u1

9.4.50-4+deb12u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / jetty9

Package

Name: jetty9
Purl: pkg:deb/debian/jetty9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.54-1

Affected versions

9.*

9.4.50-4

9.4.51-1

9.4.51-2

9.4.52-1

9.4.53-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/eclipse/jetty.project

Affected ranges

Type: GIT
Repo: https://github.com/eclipse/jetty.project
Events: Introduced

390f3200cce7f90f1f3ebc78013c1afea2f93db8

Fixed

cef3fbd6d736a21e7d541a5db490381d95a2047d

Type: GIT
Repo: https://github.com/jetty/jetty.project
Events: Introduced

b9645a17373e4e9b7f30b6c0a07defcea2cb660b

Fixed

3a745c71c23682146f262b99f4ddc4c1bc41630c

Affected versions

jetty-10.*

jetty-10.0.0

jetty-10.0.1

jetty-10.0.13

jetty-10.0.15

jetty-10.0.16

jetty-10.0.17

jetty-10.0.18

jetty-10.0.19

jetty-10.0.2

jetty-10.0.4

jetty-10.0.5

jetty-10.0.6

jetty-10.0.7

jetty-10.0.8

jetty-9.*

jetty-9.2.10.v20150310

jetty-9.2.11.M0

jetty-9.2.11.v20150528

jetty-9.2.11.v20150529

jetty-9.2.12.M0

jetty-9.2.12.v20150709

jetty-9.2.13.v20150730

jetty-9.2.14.v20151106

jetty-9.2.15.v20160210

jetty-9.2.16.v20160414

jetty-9.2.17.v20160517

jetty-9.2.18.v20160721

jetty-9.2.19.v20160908

jetty-9.2.20.v20161216

jetty-9.2.21.v20170120

jetty-9.2.22.v20170606

jetty-9.2.23.v20171218

jetty-9.2.24.v20180105

jetty-9.2.25.v20180606

jetty-9.2.26.v20180806

jetty-9.2.27.v20190403

jetty-9.2.28.v20190418

jetty-9.2.29.v20191105

jetty-9.2.4.v20141103

jetty-9.2.5.v20141112

jetty-9.2.6.v20141203

jetty-9.2.6.v20141205

jetty-9.2.7.v20150116

jetty-9.2.8.v20150217

jetty-9.2.9.v20150224

jetty-9.3.0.M0

jetty-9.3.0.v20150612

jetty-9.3.1.v20150714

jetty-9.3.10.M0

jetty-9.3.10.v20160621

jetty-9.3.11.M0

jetty-9.3.11.v20160721

jetty-9.3.12.v20160915

jetty-9.3.13.M0

jetty-9.3.13.v20161014

jetty-9.3.14.v20161028

jetty-9.3.15.v20161220

jetty-9.3.16.v20170120

jetty-9.3.17.v20170317

jetty-9.3.18.v20170406

jetty-9.3.19.v20170502

jetty-9.3.20.v20170531

jetty-9.3.21.M0

jetty-9.3.21.v20170918

jetty-9.3.22.v20171030

jetty-9.3.23.v20180228

jetty-9.3.24.v20180605

jetty-9.3.25.v20180904

jetty-9.3.26.v20190403

jetty-9.3.27.v20190418

jetty-9.3.28.v20191105

jetty-9.3.3.v20150825

jetty-9.3.3.v20150827

jetty-9.3.4.v20151007

jetty-9.3.5.v20151012

jetty-9.3.6.v20151106

jetty-9.3.7.RC0

jetty-9.3.7.RC1

jetty-9.3.7.v20160115

jetty-9.3.8.RC0

jetty-9.3.8.v20160314

jetty-9.3.9.M1

jetty-9.3.9.v20160517

jetty-9.4.0.M1

jetty-9.4.0.RC0

jetty-9.4.0.RC1

jetty-9.4.0.RC2

jetty-9.4.0.RC3

jetty-9.4.0.v20161207

jetty-9.4.0.v20161208

jetty-9.4.1.v20170120

jetty-9.4.10.v20180503

jetty-9.4.11.v20180605

jetty-9.4.12.v20180830

jetty-9.4.13.v20181111

jetty-9.4.14.v20181114

jetty-9.4.15.v20190215

jetty-9.4.16.v20190411

jetty-9.4.17.v20190418

jetty-9.4.18.v20190429

jetty-9.4.19.v20190610

jetty-9.4.2.v20170220

jetty-9.4.20.v20190813

jetty-9.4.21.v20190926

jetty-9.4.22.v20191022

jetty-9.4.23.v20191118

jetty-9.4.24.v20191120

jetty-9.4.25.v20191220

jetty-9.4.26.v20200117

jetty-9.4.27.v20200227

jetty-9.4.28.v20200408

jetty-9.4.29.v20200521

jetty-9.4.3.v20170317

jetty-9.4.30.v20200611

jetty-9.4.31.v20200723

jetty-9.4.32.v20200930

jetty-9.4.33.v20201020

jetty-9.4.34.v20201102

jetty-9.4.35.v20201120

jetty-9.4.36.v20210114

jetty-9.4.37.v20210219

jetty-9.4.38.v20210224

jetty-9.4.39.v20210325

jetty-9.4.4.v20170414

jetty-9.4.40.v20210413

jetty-9.4.42.v20210604

jetty-9.4.43.v20210629

jetty-9.4.44.v20210927

jetty-9.4.45.v20220203

jetty-9.4.5.v20170502

jetty-9.4.50.v20221201

jetty-9.4.52.v20230823

jetty-9.4.53.v20231009

jetty-9.4.6.v20170531

jetty-9.4.7.v20170914

jetty-9.4.8.v20171121

jetty-9.4.9.v20180320