CVE-2023-36478
Public on 2023-10-10
Modified on 2023-10-11
Description
Specially crafted HTTP/2 requests can cause Jetty to allocate a very large memory buffer, leading to a potential denial of service.
The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds.
Severity
CVSS v3 Base Score
Affected Packages
Platform | Package | Release Date | Advisory | Status |
---|---|---|---|---|
Amazon Linux 2 - Core | jetty | | | Not Affected |
CVSS Scores
Source | Score Type | Score | Vector |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
NVD | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |