{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T04:52:01.835","vulnerabilities":[{"cve":{"id":"CVE-2023-36478","sourceIdentifier":"security-advisories@github.com","published":"2023-10-10T17:15:11.737","lastModified":"2024-11-21T08:09:47.717","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to\nexceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295\nwill overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds."},{"lang":"es","value":"Eclipse Jetty proporciona un servidor web y un contenedor de servlets. En las versiones 11.0.0 a 11.0.15, 10.0.0 a 10.0.15 y 9.0.0 a 9.4.52, un desbordamiento de enteros en `MetaDataBuilder.checkSize` permite que los valores del encabezado HTTP/2 HPACK excedan su límite de tamaño. `MetaDataBuilder.java` determina si el nombre o valor de un encabezado excede el límite de tamaño y genera una excepción si se excede el límite. Sin embargo, cuando la longitud es muy grande y Huffman es verdadera, la multiplicación por 4 en la línea 295 se desbordará y la longitud se volverá negativa. `(_size+length)` ahora será negativo y la verificación en la línea 296 no se activará. Además, `MetaDataBuilder.checkSize` permite que los tamaños de los valores del encabezado HPACK ingresados por el usuario sean negativos, lo que podría generar una asignación de búfer muy grande más adelante cuando el tamaño ingresado por el usuario se multiplique por 2. Esto significa que si un usuario proporciona un tamaño con valor de longitud negativo (o, más precisamente, un valor de longitud que, cuando se multiplica por el factor de manipulación 4/3, es negativo), y este valor de longitud es un número positivo muy grande cuando se multiplica por 2, entonces el usuario puede causar un valor de longitud muy grande de búfer que se asignará en el servidor. Los usuarios de HTTP/2 pueden verse afectados por un ataque remoto de denegación de servicio. El problema se solucionó en las versiones 11.0.16, 10.0.16 y 9.4.53. No se conocen workarounds."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-400"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","versionStartIncluding":"9.3.0","versionEndExcluding":"9.4.53","matchCriteriaId":"0780793A-2F4A-452B-BCC8-1945E57C3C49"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.16","matchCriteriaId":"1D15B5CF-CDFA-4303-8A9F-CF2FAD8E10CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.0.16","matchCriteriaId":"9153C468-135C-49C4-B33B-1828E37AF483"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","versionEndExcluding":"2.414.3","matchCriteriaId":"16B24AD0-318F-4E5D-B2BF-DD61A7C033CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*","versionEndExcluding":"2.428","matchCriteriaId":"156AD017-ABC8-49EC-BB4F-79C55D6B2BC1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","matchCriteriaId":"46D69DCC-AE4D-4EA5-861C-D60951444C6C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/10/18/4","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/eclipse/jetty.project/pull/9634","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://security.netapp.com/advisory/ntap-20231116-0011/","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240621-0006/","source":"security-advisories@github.com"},{"url":"https://www.debian.org/security/2023/dsa-5540","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/10/18/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/eclipse/jetty.project/pull/9634","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://security.netapp.com/advisory/ntap-20231116-0011/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240621-0006/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2023/dsa-5540","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}