{
  "threat_severity" : "Moderate",
  "public_date" : "2021-11-01T00:00:00Z",
  "bugzilla" : {
    "description" : "mina-core: infinite loop may lead to DoS",
    "id" : "2027176",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2027176"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-835",
  "details" : [ "In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater." ],
  "package_state" : [ {
    "product_name" : "Red Hat BPM Suite 6",
    "fix_state" : "Out of support scope",
    "package_name" : "mina-core",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform"
  }, {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Not affected",
    "package_name" : "mina-core",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  }, {
    "product_name" : "Red Hat Integration Camel K 1",
    "fix_state" : "Not affected",
    "package_name" : "mina-core",
    "cpe" : "cpe:/a:redhat:integration:1"
  }, {
    "product_name" : "Red Hat Integration Camel Quarkus 1",
    "fix_state" : "Not affected",
    "package_name" : "mina-core",
    "cpe" : "cpe:/a:redhat:camel_quarkus:2"
  }, {
    "product_name" : "Red Hat JBoss A-MQ 6",
    "fix_state" : "Out of support scope",
    "package_name" : "mina-core",
    "cpe" : "cpe:/a:redhat:jboss_amq:6"
  }, {
    "product_name" : "Red Hat JBoss BRMS 5",
    "fix_state" : "Out of support scope",
    "package_name" : "mina-core",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:5"
  }, {
    "product_name" : "Red Hat JBoss BRMS 6",
    "fix_state" : "Out of support scope",
    "package_name" : "mina-core",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:6"
  }, {
    "product_name" : "Red Hat JBoss Data Virtualization 6",
    "fix_state" : "Out of support scope",
    "package_name" : "mina-core",
    "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 6",
    "fix_state" : "Out of support scope",
    "package_name" : "mina-core",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6"
  }, {
    "product_name" : "Red Hat JBoss Fuse 6",
    "fix_state" : "Out of support scope",
    "package_name" : "mina-core",
    "cpe" : "cpe:/a:redhat:jboss_fuse:6"
  }, {
    "product_name" : "Red Hat JBoss Fuse Service Works 6",
    "fix_state" : "Out of support scope",
    "package_name" : "mina-core",
    "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6"
  }, {
    "product_name" : "Red Hat JBoss SOA Platform 5",
    "fix_state" : "Out of support scope",
    "package_name" : "mina-core",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_soa_platform:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-41973\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41973" ],
  "name" : "CVE-2021-41973",
  "csaw" : false
}