In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/11/01/2 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/11/01/8 | Mailing List Third Party Advisory |
https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E | Mailing List Patch Vendor Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2021-11-01 09:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-41973
Mitre link : CVE-2021-41973
CVE.ORG link : CVE-2021-41973
JSON object : View
Products Affected
oracle
- banking_payments
- communications_cloud_native_core_console
- oss_support_tools
- flexcube_universal_banking
- banking_trade_finance_process_management
- banking_treasury_management
- fusion_middleware_common_libraries_and_tools
- customer_management_and_segmentation_foundation
apache
- mina
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')