In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/11/01/2 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/11/01/8 | Mailing List Third Party Advisory |
https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E | Mailing List Patch Vendor Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/11/01/2 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/11/01/8 | Mailing List Third Party Advisory |
https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E | Mailing List Patch Vendor Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 06:27
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2021/11/01/2 - Mailing List, Patch, Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2021/11/01/8 - Mailing List, Third Party Advisory | |
References | () https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
Information
Published : 2021-11-01 09:15
Updated : 2024-11-21 06:27
NVD link : CVE-2021-41973
Mitre link : CVE-2021-41973
CVE.ORG link : CVE-2021-41973
JSON object : View
Products Affected
oracle
- banking_payments
- banking_trade_finance_process_management
- flexcube_universal_banking
- oss_support_tools
- fusion_middleware_common_libraries_and_tools
- banking_treasury_management
- customer_management_and_segmentation_foundation
- communications_cloud_native_core_console
apache
- mina
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')