Description
In Apache MINA, a specially crafted, malformed HTTP request may cause the HTTP header decoder to loop indefinitely. The decoder assumed that the HTTP header begins at the beginning of the buffer, and it looped if there was more data than expected.
Remediation
Update MINA to 2.1.5 or greater.
References
https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/11/01/2
http://www.openwall.com/lists/oss-security/2021/11/01/8
https://www.oracle.com/security-alerts/cpuapr2022.html