CVE-2024-13009

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-13009

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-13009.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-13009

Aliases

GHSA-q4rv-gq96-w7c5

Downstream

CLEANSTART-2026-DD05788

CLEANSTART-2026-GH89210

CLEANSTART-2026-KU61465

CLEANSTART-2026-LE11246

CLEANSTART-2026-LO22603

CLEANSTART-2026-RN56220

CLEANSTART-2026-SQ91016

CLEANSTART-2026-VH41554

CLEANSTART-2026-WK99982

DEBIAN-CVE-2024-13009

DLA-4106-1

DSA-5894-1

MINI-5h5c-86q2-xqpm

MINI-9fww-ff9h-5cwp

MINI-v6h6-whrm-g559

RHSA-2025:15643

SUSE-SU-2025:01738-1

UBUNTU-CVE-2024-13009

openSUSE-SU-2025:15160-1

Related

Published

2025-05-08T18:15:41.640Z

Modified

2026-04-10T05:08:33.674093Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.

References

Affected packages

Git / github.com/eclipse/jetty.project

Affected ranges

Type

GIT

Repo

https://github.com/eclipse/jetty.project

Events

Introduced

bf9d17540c7ae4c91be30c045a9485aa2030d3e5

Fixed

df524e6b29271c2e09ba9aea83c18dc9db464a31

Database specific

{
    "versions": [
        {
            "introduced": "9.4.0"
        },
        {
            "fixed": "9.4.57"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-13009.json"