Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-30129

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0

Published

2021-07-12T12:15:07.783

Last Modified

2024-11-21T06:03:21.897

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-772

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	sshd	< 2.7.0	Yes
Application	oracle	banking_payments	14.5	Yes
Application	oracle	banking_trade_finance	14.5	Yes
Application	oracle	banking_treasury_management	14.5	Yes
Application	oracle	communications_cloud_native_core_console	1.9.0	Yes
Application	oracle	flexcube_universal_banking	≤ 14.3.0	Yes
Application	oracle	flexcube_universal_banking	14.5	Yes
Application	oracle	middleware_common_libraries_and_tools	12.2.1.3.0	Yes
Application	oracle	middleware_common_libraries_and_tools	12.2.1.4.0	Yes
Application	oracle	middleware_common_libraries_and_tools	14.1.1.0.0	Yes
Application	oracle	oss_support_tools	2.12.42	Yes
Application	oracle	retail_customer_management_and_segmentation_foundation	18.0	Yes
Application	oracle	retail_customer_management_and_segmentation_foundation	19.0	Yes

References

http://www.openwall.com/lists/oss-security/2021/07/12/1 Mailing List, Third Party Advisory ([email protected])
https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E Mailing List, Vendor Advisory ([email protected])
https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E Mailing List, Vendor Advisory ([email protected])
https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E ([email protected])
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujul2022.html ([email protected])
http://www.openwall.com/lists/oss-security/2021/07/12/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html (af854a3a-2127-422b-91ae-364da2661108)