A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/07/12/1 | Mailing List Third Party Advisory |
https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E | Mailing List Vendor Advisory |
https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E | |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 03:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
25 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 May 2022, 15:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:* |
|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
First Time |
Oracle oss Support Tools
Oracle Oracle flexcube Universal Banking Oracle retail Customer Management And Segmentation Foundation Oracle banking Trade Finance Oracle communications Cloud Native Core Console Oracle middleware Common Libraries And Tools Oracle banking Payments Oracle banking Treasury Management |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Jul 2021, 17:07
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
26 Jul 2021, 16:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:* |
22 Jul 2021, 13:08
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-772 | |
References |
|
|
References | (MLIST) https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f@%3Cusers.mina.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E - Mailing List, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:apache:mina:*:*:*:*:*:*:*:* |
12 Jul 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Jul 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-12 12:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-30129
Mitre link : CVE-2021-30129
CVE.ORG link : CVE-2021-30129
JSON object : View
Products Affected
oracle
- banking_trade_finance
- middleware_common_libraries_and_tools
- communications_cloud_native_core_console
- oss_support_tools
- banking_payments
- flexcube_universal_banking
- retail_customer_management_and_segmentation_foundation
- banking_treasury_management
apache
- sshd
CWE
CWE-772
Missing Release of Resource after Effective Lifetime