Vulnerability Details CVE-2021-30129
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.7%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://www.openwall.com/lists/oss-security/2021/07/12/1
- https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E
- https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E
- https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- http://www.openwall.com/lists/oss-security/2021/07/12/1
- https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E
- https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E
- https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Products affected by CVE-2021-30129
-
cpe:2.3:a:apache:sshd:2.0.0
-
cpe:2.3:a:apache:sshd:2.1.0
-
cpe:2.3:a:apache:sshd:2.2.0
-
cpe:2.3:a:apache:sshd:2.3.0
-
cpe:2.3:a:apache:sshd:2.4.0
-
cpe:2.3:a:apache:sshd:2.5.0
-
cpe:2.3:a:apache:sshd:2.5.1
-
cpe:2.3:a:apache:sshd:2.6.0
-
cpe:2.3:a:oracle:banking_payments:14.5
-
cpe:2.3:a:oracle:banking_trade_finance:14.5
-
cpe:2.3:a:oracle:banking_treasury_management:14.5
-
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0
-
cpe:2.3:a:oracle:flexcube_universal_banking:14.0.0
-
cpe:2.3:a:oracle:flexcube_universal_banking:14.1.0
-
cpe:2.3:a:oracle:flexcube_universal_banking:14.2.0
-
cpe:2.3:a:oracle:flexcube_universal_banking:14.3.0
-
cpe:2.3:a:oracle:flexcube_universal_banking:14.5
-
cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0
-
cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0
-
cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0
-
cpe:2.3:a:oracle:oss_support_tools:2.12.42
-
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0
-
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0