Checkmarx (SCA): Vulnerable Package
Vulnerability: Read More about CVE-2023-36478
Checkmarx Project: cxronen/BookStore_VSCode
Repository URL: https://github.com/cxronen/BookStore_VSCode
Branch: master
Scan ID: 3aaa12b3-552a-4874-ba98-3d364d7d56f6
Eclipse Jetty provides a web server and servlet container. An integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when the length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, MetaDataBuilder.checkSize allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2.
This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack.
This issue affects the packages org.eclipse.jetty:jetty-http in versions 9.3.0.M0 through 9.4.52.v20230823, 10.0.0-alpha0 through 10.0.15, and 11.0.0-alpha0 through 11.0.15, 12.0.0.alpha0 through 12.0.0.beta1, org.eclipse.jetty.http3:http3-qpack in versions 10.0.8 through 10.0.15, and 11.0.8 through 11.0.15, org.eclipse.jetty.http2:jetty-http2-hpack, org.eclipse.jetty.http3:jetty-http3-qpack in versions 12.0.0.alpha0 through 12.0.0.beta1, and org.eclipse.jetty.http2:http2-hpack versions 9.3.0.M0 through 9.4.52.v20230823, 10.0.0-alpha0 through 10.0.15, and 11.0.0-alpha0 through 11.0.15.
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
Remediation Upgrade Recommendation: 9.4.53.v20231009