Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyNzktN2hwaC1yM3h3
Buffer Overflow in Apache Mina SSHD
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
Permalink: https://github.com/advisories/GHSA-9279-7hph-r3xwJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyNzktN2hwaC1yM3h3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 3 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-9279-7hph-r3xw, CVE-2021-30129
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-30129
- https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E
- https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f@%3Cusers.mina.apache.org%3E
- https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b@%3Cannounce.apache.org%3E
- http://www.openwall.com/lists/oss-security/2021/07/12/1
- https://issues.apache.org/jira/browse/SSHD-1125
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://github.com/advisories/GHSA-9279-7hph-r3xw
Affected Packages
maven:org.apache.sshd:sshd-core
Dependent packages: 460Dependent repositories: 2,568
Downloads:
Affected Version Ranges: >= 2.0.0, < 2.7.0
Fixed in: 2.7.0
All affected versions: 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.5.1, 2.6.0
All unaffected versions: 0.4.0, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.9.0, 0.10.0, 0.10.1, 0.11.0, 0.12.0, 0.13.0, 0.14.0, 1.0.0, 1.1.0, 1.1.1, 1.2.0, 1.3.0, 1.4.0, 1.6.0, 1.7.0, 2.7.0, 2.8.0, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.10.0, 2.11.0, 2.12.0, 2.12.1, 2.13.0, 2.13.1, 2.13.2, 2.14.0
maven:org.apache.sshd:sshd-mina
Dependent packages: 6Dependent repositories: 240
Downloads:
Affected Version Ranges: >= 2.0.0, < 2.7.0
Fixed in: 2.7.0
All affected versions: 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.5.1, 2.6.0
All unaffected versions: 2.7.0, 2.8.0, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.10.0, 2.11.0, 2.12.0, 2.12.1, 2.13.0, 2.13.1, 2.13.2, 2.14.0