Vulnerability Name: | CVE-2021-30129 (CCN-205211)
Assigned: | 2021-07-12
Published: | 2021-07-12
Updated: | 2022-07-25
Summary: | A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server, causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0.
CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
Vulnerability Type: | CWE-772
Vulnerability Consequences: | Denial of Service
References: |
Source: MITRE Type: CNA CVE-2021-30129
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server
Source: XF Type: UNKNOWN apache-cve202130129-dos(205211)
Source: CONFIRM Type: Mailing List, Vendor Advisory N/A
Source: MLIST Type: Mailing List, Vendor Advisory [mina-users] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server
Source: MLIST Type: Mailing List, Vendor Advisory [announce] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server
Source: CCN Type: Apache Web site Apache Mina SSHD
Source: CCN Type: oss-sec Mailing List, Mon, 12 Jul 2021 11:53:55 +0000 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server
Source: CCN Type: IBM Security Bulletin 6854327 (Sterling Partner Engagement Manager) IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to sshd-core (CVE-2021-30129)
Source: CCN Type: Oracle CPUApr2022 Oracle Critical Patch Update Advisory - April 2022
Source: MISC Type: Patch, Third Party Advisory https://www.oracle.com/security-alerts/cpuapr2022.html
Source: CCN Type: Oracle CPUJul2022 Oracle Critical Patch Update Advisory - July 2022
Source: N/A Type: UNKNOWN N/A
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable