CVE-2024-13009

EUVD-2024-54465
In Eclipse Jetty versions 9.4.0 to 9.4.56, a buffer can be incorrectly released when a gzip error occurs while inflating a request body. This can result in corrupted data and/or inadvertent sharing of data between requests.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.2 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |

EPSS Score
Percentile: 68%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| eclipse | jetty | 9.4.0 ≤ 𝑥 < 9.4.57 |

𝑥 = Vulnerable software versions

Debian Releases

Debian Product: jetty12

| Codename | Version | Status |
|---|---|---|
| forky | 12.0.17-3.1 | fixed |
| sid | 12.0.17-3.1 | fixed |
| trixie | 12.0.17-3.1~deb13u1 | fixed |
| trixie (security) | 12.0.17-3.1~deb13u1 | fixed |

Debian Product: jetty9

| Codename | Version | Status |
|---|---|---|
| bookworm | 9.4.57-0+deb12u1 | fixed |
| bookworm (security) | 9.4.57-1.1~deb12u1 | fixed |
| bullseye | | vulnerable |
| bullseye (security) | 9.4.57-0+deb11u3 | fixed |
| forky | 9.4.57-1.1 | fixed |
| sid | 9.4.57-1.1 | fixed |
| trixie | 9.4.57-1.1~deb13u1 | fixed |
| trixie (security) | 9.4.57-1.1~deb13u1 | fixed |

Ubuntu Releases

Ubuntu Product: jetty9

| Codename | Status |
|---|---|
| bionic | needs-triage |
| focal | needs-triage |
| jammy | needs-triage |
| noble | needs-triage |
| oracular | ignored |
| plucky | needs-triage |
| questing | not-affected |
| xenial | not-affected |

openSUSE / SLES Releases

openSUSE Product: jetty-http

| Release | Version | Status |
|---|---|---|
| suse enterprise desktop 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise desktop 15 SP7 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP3 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP4 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP5 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP7 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP2 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP3 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP4 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP5 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP7 | 9.4.57-150200.3.31.1 | fixed |


openSUSE Product: jetty-io

| Release | Version | Status |
|---|---|---|
| suse enterprise desktop 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise desktop 15 SP7 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP3 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP4 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP5 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP7 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP2 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP3 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP4 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP5 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP7 | 9.4.57-150200.3.31.1 | fixed |


openSUSE Product: jetty-security

| Release | Version | Status |
|---|---|---|
| suse enterprise desktop 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise desktop 15 SP7 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP3 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP4 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP5 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP7 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP2 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP3 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP4 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP5 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP7 | 9.4.57-150200.3.31.1 | fixed |


openSUSE Product: jetty-server

| Release | Version | Status |
|---|---|---|
| suse enterprise desktop 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise desktop 15 SP7 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP3 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP4 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP5 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP7 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP2 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP3 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP4 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP5 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP7 | 9.4.57-150200.3.31.1 | fixed |


openSUSE Product: jetty-servlet

| Release | Version | Status |
|---|---|---|
| suse enterprise desktop 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise desktop 15 SP7 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP3 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP4 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP5 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP7 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP2 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP3 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP4 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP5 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP7 | 9.4.57-150200.3.31.1 | fixed |


openSUSE Product: jetty-util

| Release | Version | Status |
|---|---|---|
| suse enterprise desktop 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise desktop 15 SP7 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP3 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP4 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP5 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP7 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP2 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP3 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP4 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP5 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP7 | 9.4.57-150200.3.31.1 | fixed |


openSUSE Product: jetty-util-ajax

| Release | Version | Status |
|---|---|---|
| suse enterprise desktop 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise desktop 15 SP7 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP3 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP4 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP5 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise sap 15 SP7 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP2 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP3 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP4 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP5 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP6 | 9.4.57-150200.3.31.1 | fixed |
| suse enterprise server 15 SP7 | 9.4.57-150200.3.31.1 | fixed |