Описание
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
Отчет
Red Hat OpenStack Platform's OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | sshd-core | Out of support scope | ||
| Red Hat build of Quarkus | sshd-common | Not affected | ||
| Red Hat CodeReady Studio 12 | org.apache.sshd.sftp | Will not fix | ||
| Red Hat Integration Camel K 1 | sshd-sftp | Affected | ||
| Red Hat JBoss A-MQ 6 | sshd-core | Out of support scope | ||
| Red Hat JBoss BRMS 6 | sshd-core | Out of support scope | ||
| Red Hat JBoss Fuse 6 | sshd-core | Out of support scope | ||
| Red Hat OpenStack Platform 10 (Newton) | opendaylight | Out of support scope | ||
| Red Hat OpenStack Platform 13 (Queens) | opendaylight | Out of support scope | ||
| EAP 7.4.2 release | sshd-core | Fixed | RHSA-2021:4679 | 15.11.2021 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to ...
Уязвимость компонента sshd-core java-библиотеки для поддержки SSH-протоколов Apache SSHD, позволяющая нарушителю вызвать отказ в обслуживании
6.5 Medium
CVSS3