Memory leak in Jetty - CVE-2024-7708
Published: July 13, 2026
Jetty
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to missing release of memory after effective lifetime in server handling of request bodies when processing 100-Continue requests or requests where reading the body returns 0 bytes. A remote attacker can send a series of specially crafted requests to cause a denial of service.
The issue results in a buffer leak that can be triggered particularly through 100-Continue handling, and slow network conditions can also expose the vulnerable behavior.