Moderate severityNVD Advisory· Published Nov 1, 2021· Updated Aug 4, 2024
Apache MINA HTTP listener DOS
CVE-2021-41973
Description
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.mina:mina-coreMaven | >= 2.1.0, < 2.1.5 | 2.1.5 |
org.apache.mina:mina-coreMaven | < 2.0.22 | 2.0.22 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-6mcm-j9cj-3vc3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-41973ghsaADVISORY
- www.openwall.com/lists/oss-security/2021/11/01/2ghsamailing-listx_refsource_MLISTWEB
- www.openwall.com/lists/oss-security/2021/11/01/8ghsamailing-listx_refsource_MLISTWEB
- lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3Eghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpuapr2022.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.