Infinite loop in Apache MINA

GHSA-6mcm-j9cj-3vc3 · CVE-2021-41973

Published Nov 3, 2021 · Modified Nov 8, 2023

Description

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-41973
WEB https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E
WEB https://www.oracle.com/security-alerts/cpuapr2022.html
WEB http://www.openwall.com/lists/oss-security/2021/11/01/2
WEB http://www.openwall.com/lists/oss-security/2021/11/01/8

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes