{"id":"CVE-2021-41973","details":"In Apache MINA, a specially crafted, malformed HTTP request may cause the HTTP header decoder to loop indefinitely, resulting in a denial of service. The decoder assumes that the HTTP header begins at the start of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater; the affected ranges in this record also list 2.0.22 as the fixed release for the 2.0.x line.","aliases":["GHSA-6mcm-j9cj-3vc3"],"modified":"2026-04-11T12:38:10.483231Z","published":"2021-11-01T09:15:09.763Z","database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"14.5"}],"cpe":"cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"14.5"}],"cpe":"cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"14.5"}],"cpe":"cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"1.9.0"}],"cpe":"cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"18.0"}],"cpe":"cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"19.0"}],"cpe":"cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"introduced":"14.0"},{"last_affected":"14.3"}],"cpe":"cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"14.5"}],"cpe":"cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"12.2.1.3.0"}],"cpe":"cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:12.2.1.3.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"12.2.1.4.0"}],"cpe":"cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:12.2.1.4.
0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"14.1.1.0.0"}],"cpe":"cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:14.1.1.0.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"2.12.42"}],"cpe":"cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*"}]},"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/11/01/8"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2021/11/01/2"},{"type":"FIX","url":"https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/mina","events":[{"introduced":"0"},{"fixed":"97df92e57a15ea60282a5310df0eefa8527d2286"},{"introduced":"d595254cb8c254204d794457d42219321a6a2306"},{"fixed":"bc9bb230f112f58854bf70660c443cfd52c2bcff"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"2.0.22"},{"introduced":"2.1.0"},{"fixed":"2.1.5"}],"cpe":"cpe:2.3:a:apache:mina:*:*:*:*:*:*:*:*"}}],"versions":["2.0.10","2.0.11","2.0.12","2.0.13","2.0.14","2.0.15","2.0.16","2.0.17","2.0.18","2.0.19","2.0.20","2.0.21","2.0.8","2.0.9","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41973.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}