CVE-2021-30129

CWE-772 CWE-400 — Uncontrolled Resource Consumption9 documents7 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 53.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Mina Sshd Apache Sshd Oracle Flexcube Universal Banking +7 more

Timeline

PublishedJul 12

Latest updateApr 15

Description

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages12 packages

▶Mavenorg.apache.sshd:sshd-mina2.0.0 — 2.7.0

▶CVEListV5apache_software_foundation/apache_mina_sshd2.0.0 — Apache Mina SSHD*

▶Mavenorg.apache.sshd:sshd-core2.0.0 — 2.7.0

▶NVDapache/sshd2.0.0 — 2.7.0

▶NVDoracle/oss_support_tools2.12.42

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

Buffer Overflow in Apache Mina SSHD↗2021-08-02

▶

GHSA

Buffer Overflow in Apache Mina SSHD↗2021-08-02

▶

CVEList

DoS/OOM leak vulnerability in Apache Mina SSHD Server↗2021-07-12

▶

📋Vendor Advisories

Oracle

Oracle Oracle JD Edwards Risk Matrix: Interoperability SEC (Apache Mina SSHD) — CVE-2021-30129↗2023-04-15

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: NextGen Installer issues (Apache MINA SSHD) — CVE-2021-30129↗2022-07-15

▶

Oracle

Oracle Oracle Communications Risk Matrix: CNC Console (Apache MINA SSHD) — CVE-2021-30129↗2022-04-15

▶

Red Hat

mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server↗2021-07-12

▶

Debian

CVE-2021-30129: libmina-sshd-java - A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow ...↗2021

▶