CVE-2021-41973

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-41973

CGA ID

CGA-vpcw-p8q4-wrp6

Severity

Unknown

Description

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.

References

https://images.chainguard.dev/security/CGA-vpcw-p8q4-wrp6
https://github.com/advisories/GHSA-6mcm-j9cj-3vc3
https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/11/01/2
http://www.openwall.com/lists/oss-security/2021/11/01/8
https://www.oracle.com/security-alerts/cpuapr2022.html
https://security-tracker.debian.org/tracker/CVE-2021-41973

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2021-41973

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources