CVE-2021-41973 – org.apache.mina:mina-core
Package
Manager: maven
Name: org.apache.mina:mina-core
Vulnerable Version: >=2.1.0 <2.1.5 || >=0 <2.0.22
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.01601 (percentile 0.81005)
Details
Infinite loop in Apache MINA
In Apache MINA, a specially crafted, malformed HTTP request may cause the HTTP header decoder to loop indefinitely. The decoder assumed that the HTTP header begins at the beginning of the buffer, and it loops if there is more data than expected. Please update MINA to 2.1.5 or greater.
Metadata
Created: 2021-11-03T17:30:35Z
Modified: 2021-11-03T14:49:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-6mcm-j9cj-3vc3/GHSA-6mcm-j9cj-3vc3.json
CWE IDs: ["CWE-835"]
Alternative ID: GHSA-6mcm-j9cj-3vc3
Finding: F138
Auto approve: 1