In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/11/01/2 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/11/01/8 | Mailing List Third Party Advisory |
https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E | Mailing List Patch Vendor Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2021-11-01T08:35:09
Updated: 2022-04-19T23:57:05
Reserved: 2021-10-04T00:00:00
Link: CVE-2021-41973
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-01T09:15:09.763
Modified: 2022-05-02T18:09:24.897
Link: CVE-2021-41973
JSON object: View
Redhat Information
No data.
CWE