Bug 2365137 (CVE-2025-1948) - CVE-2025-1948 jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability
Summary: CVE-2025-1948 jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability
Keywords:
Status: NEW
Alias: CVE-2025-1948
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-05-08 18:01 UTC by OSIDB Bzimport
Modified: 2025-09-03 08:28 UTC (History)
16 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:10092 0 None None None 2025-07-01 13:46:22 UTC
Red Hat Product Errata RHSA-2025:10097 0 None None None 2025-07-01 14:28:28 UTC
Red Hat Product Errata RHSA-2025:10098 0 None None None 2025-07-01 14:32:58 UTC
Red Hat Product Errata RHSA-2025:10104 0 None None None 2025-07-01 14:54:24 UTC
Red Hat Product Errata RHSA-2025:10118 0 None None None 2025-07-01 16:35:08 UTC
Red Hat Product Errata RHSA-2025:10119 0 None None None 2025-07-01 16:29:30 UTC
Red Hat Product Errata RHSA-2025:10120 0 None None None 2025-07-01 16:50:02 UTC
Red Hat Product Errata RHSA-2025:13274 0 None None None 2025-08-06 16:17:49 UTC
Red Hat Product Errata RHSA-2025:7696 0 None None None 2025-05-15 15:17:04 UTC

Description OSIDB Bzimport 2025-05-08 18:01:15 UTC 
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE.
The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting.
Comment 2 errata-xmlrpc 2025-05-15 15:17:02 UTC 
This issue has been addressed in the following products:

  Red Hat build of Apache Camel 4.10.3 for Spring Boot

Via RHSA-2025:7696 https://access.redhat.com/errata/RHSA-2025:7696
Comment 3 errata-xmlrpc 2025-07-01 13:46:20 UTC 
This issue has been addressed in the following products:

  OCP-Tools-4.18-RHEL-9

Via RHSA-2025:10092 https://access.redhat.com/errata/RHSA-2025:10092
Comment 4 errata-xmlrpc 2025-07-01 14:28:26 UTC 
This issue has been addressed in the following products:

  OCP-Tools-4.17-RHEL-9

Via RHSA-2025:10097 https://access.redhat.com/errata/RHSA-2025:10097
Comment 5 errata-xmlrpc 2025-07-01 14:32:57 UTC 
This issue has been addressed in the following products:

  OCP-Tools-4.16-RHEL-9

Via RHSA-2025:10098 https://access.redhat.com/errata/RHSA-2025:10098
Comment 6 errata-xmlrpc 2025-07-01 14:54:22 UTC 
This issue has been addressed in the following products:

  OCP-Tools-4.15-RHEL-8

Via RHSA-2025:10104 https://access.redhat.com/errata/RHSA-2025:10104
Comment 7 errata-xmlrpc 2025-07-01 16:29:29 UTC 
This issue has been addressed in the following products:

  OCP-Tools-4.13-RHEL-8

Via RHSA-2025:10119 https://access.redhat.com/errata/RHSA-2025:10119
Comment 8 errata-xmlrpc 2025-07-01 16:35:06 UTC 
This issue has been addressed in the following products:

  OCP-Tools-4.12-RHEL-8

Via RHSA-2025:10118 https://access.redhat.com/errata/RHSA-2025:10118
Comment 9 errata-xmlrpc 2025-07-01 16:50:00 UTC 
This issue has been addressed in the following products:

  OCP-Tools-4.14-RHEL-8

Via RHSA-2025:10120 https://access.redhat.com/errata/RHSA-2025:10120
Comment 11 errata-xmlrpc 2025-08-06 16:17:47 UTC 
This issue has been addressed in the following products:

  Red Hat AMQ Broker 7.13.1

Via RHSA-2025:13274 https://access.redhat.com/errata/RHSA-2025:13274
Note You need to log in before you can comment on or make changes to this bug.