CVE-2021-30129

Опубликовано: 12 июл. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0

Ссылки

http://www.openwall.com/lists/oss-security/2021/07/12/1
Mailing List
Third Party Advisory
https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E
Mailing List
Vendor Advisory
https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E
Mailing List
Vendor Advisory
https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
http://www.openwall.com/lists/oss-security/2021/07/12/1
Mailing List
Third Party Advisory
https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E
Mailing List
Vendor Advisory
https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E
Mailing List
Vendor Advisory
https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.7.0 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*

Версия от 14.0.0 (включая) до 14.3.0 (включая)

cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00228

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-772

Связанные уязвимости

CVE-2021-30129

CVSS3: 6.5

redhat

больше 4 лет назад

CVE-2021-30129

CVSS3: 6.5

debian

больше 4 лет назад

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to ...

GHSA-9279-7hph-r3xw

CVSS3: 7.5

github

больше 4 лет назад

Buffer Overflow in Apache Mina SSHD

BDU:2021-04559

CVSS3: 7.5

fstec

больше 4 лет назад

Уязвимость компонента sshd-core java-библиотеки для поддержки SSH-протоколов Apache SSHD, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 45%

0.00228

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-772