CGA-vpcw-p8q4-wrp6

Published

Last updated

https://images.chainguard.dev/security/CGA-vpcw-p8q4-wrp6

Package

hadoop-fips-3.3.6

Repository

Chainguard

Latest Update

Fix not planned

Aliases

CVE-2021-41973
GHSA-6mcm-j9cj-3vc3

Severity

Unknown

Summary

Infinite loop in Apache MINA

Description

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-41973
https://github.com/advisories/GHSA-6mcm-j9cj-3vc3
https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E
https://www.oracle.com/security-alerts/cpuapr2022.html
http://www.openwall.com/lists/oss-security/2021/11/01/2
http://www.openwall.com/lists/oss-security/2021/11/01/8

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-vpcw-p8q4-wrp6

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources