suse · CVE-2022-2191

Quick triage

Priority: high Published: 2022-07-11 23:48:08 UTC Updated: 2025-02-16 03:26:19 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2022-2191 severity important: SUSE including 8 source package names (jetty-http, jetty-io, …), 45 product×package rows across 10 product lines (SUSE Enterprise Storage 7, SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS, … (10 product lines)): Known Not Affected 45.

Description:

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.

cvelogic Threat Intelligence