PT-2021-23461 · Apache+1 · Apache Mina+1

Published

2021-11-01

Updated

2026-05-18

CVE-2021-41973

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache MINA versions prior to 2.1.5

Description A specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected.

Recommendations For Apache MINA versions prior to 2.1.5, update MINA to 2.1.5 or greater. As a temporary workaround, consider restricting the handling of HTTP requests to prevent indefinite looping until a patch is applied.

Fix

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

CLEANSTART-2026-DD05788

CLEANSTART-2026-KU61465

CLEANSTART-2026-LE11246

CLEANSTART-2026-RN56220

CLEANSTART-2026-VH41554

CVE-2021-41973

GHSA-6MCM-J9CJ-3VC3

OESA-2021-1435

Affected Products

Apache Mina

Debian

PT-2021-23461 · Apache+1 · Apache Mina+1

CVE-2021-41973

Weakness Enumeration

Related Identifiers

Affected Products

References · 253