CVE-2021-41973

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.
Infinite Loop
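| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|----------|------|------------|-------------|-----------------|----------------|--------|
| NIST | NIST | 6.5 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| apache | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |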
EPSS Score Percentile: 80%
| Vendor | Product | Version |
|--------|---------|---------|
| apache | mina | x < 2.0.22 |
| apache | mina | 2.1.0 ≤ x < 2.1.5 |
| oracle | banking_payments | 14.5 |
| oracle | banking_trade_finance_process_management | 14.5 |
| oracle | banking_treasury_management | 14.5 |
| oracle | communications_cloud_native_core_console | 1.9.0 |
| oracle | customer_management_and_segmentation_foundation | 18.0 |
| oracle | customer_management_and_segmentation_foundation | 19.0 |
| oracle | flexcube_universal_banking | 14.0 ≤ x ≤ 14.3 |
| oracle | flexcube_universal_banking | 14.5 |
| oracle | fusion_middleware_common_libraries_and_tools | 12.2.1.3.0 |
| oracle | fusion_middleware_common_libraries_and_tools | 12.2.1.4.0 |
| oracle | fusion_middleware_common_libraries_and_tools | 14.1.1.0.0 |
| oracle | oss_support_tools | 2.12.42 |

x = Vulnerable software versions