CVE-2022-45047
published 2022-11-16CVE-2022-45047: Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | sshd | <= 2.9.1 | — |
| apache_software_foundation | apache_mina_sshd | unspecified – 2.9.1 | — |
| debian | libmina-sshd-java | — | — |