CVE-2021-41973

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-41973

Severity

6.5

Medium

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-41973
https://github.com/advisories/GHSA-6mcm-j9cj-3vc3
http://www.openwall.com/lists/oss-security/2021/11/01/2
http://www.openwall.com/lists/oss-security/2021/11/01/8
https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E
https://www.oracle.com/security-alerts/cpuapr2022.html

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2021-41973

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company