{"id":"CVE-2021-41079","details":"Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.","aliases":["BIT-tomcat-2021-41079","GHSA-59g9-7gfx-c72p"],"modified":"2026-04-10T04:38:11.888990Z","published":"2021-09-16T15:15:07.690Z","related":["MGASA-2021-0485","SUSE-SU-2021:3602-1","SUSE-SU-2021:3669-1","SUSE-SU-2021:3670-1","SUSE-SU-2021:3672-1","SUSE-SU-2026:1058-1","openSUSE-SU-2021:1490-1","openSUSE-SU-2021:3672-1","openSUSE-SU-2024:11618-1","openSUSE-SU-2024:13441-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r6b6b674e3f168dd010e67dbe6848b866e2acf26371452fdae313b98a%40%3Cusers.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rb4de81ac647043541a32881099aa6eb5a23f1b7fd116f713f8ab9dbe%40%3Cdev.tomcat.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00012.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20211008-0005/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4986"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/tomcat","events":[{"introduced":"e37b977db6f47e4380ad67114a49e8568951c953"},{"fixed":"c47f86adea090175669df8b2ca04c93050bcaf8c"},{"introduced":"16bf392c67833ad549733b58c350ff92b5ee782a"},{"fixed":"7b4007a6a77300056f4681b064d7332c2284cbdd"},{"introduced":"4c8b650437e2464c1c31c6598a263b3805b7a81f"},{"last_affected":"228209117457e9b30d96f235c45efac9d4b8d9cb"},{"introduced":"0"},{"last_affected":"16bf392c67833ad549733b58c350ff92b5ee782a"},{"introduced":"0"},{"last_affected":"4c8b650437e2464c1c31c6598a263b3805b7a81f"},{"introduced":"0"},{"last_affected":"56e547d387ab49f688c93fe9ca082b1b5d94deed"}],"database_specific":{"versions":[{"introduced":"8.5.0"},{"fixed":"8.5.64"},{"introduced":"9.0.0"},{"fixed":"9.0.44"},{"introduced":"10.0.0"},{"last_affected":"10.0.2"},{"introduced":"0"},{"last_affected":"9.0"},{"introduced":"0"},{"last_affected":"10.0"},{"introduced":"0"},{"last_affected":"11.0"}]}}],"versions":["10.0.0","10.0.2","11.0.0","9.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41079.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}