6.5

CVE-2021-30129

EPSS 0.23%
Veröffentlicht 12.07.2021 12:15:07
Zuletzt bearbeitet 21.11.2024 06:03:21
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Sshd Version >= 2.0.0 < 2.7.0

Oracle ≫ Banking Payments Version14.5

Oracle ≫ Banking Trade Finance Version14.5

Oracle ≫ Banking Treasury Management Version14.5

Oracle ≫ Communications Cloud Native Core Console Version1.9.0

Oracle ≫ Flexcube Universal Banking Version >= 14.0.0 <= 14.3.0

Oracle ≫ Flexcube Universal Banking Version14.5

Oracle ≫ Middleware Common Libraries And Tools Version12.2.1.3.0

Oracle ≫ Middleware Common Libraries And Tools Version12.2.1.4.0

Oracle ≫ Middleware Common Libraries And Tools Version14.1.1.0.0

Oracle ≫ Oss Support Tools Version2.12.42

Oracle ≫ Retail Customer Management And Segmentation Foundation Version18.0

Oracle ≫ Retail Customer Management And Segmentation Foundation Version19.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.455

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

http://www.openwall.com/lists/oss-security/2021/07/12/1

Third Party Advisory

Mailing List

https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E

Vendor Advisory

Mailing List

https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E

https://nvd.nist.gov/vuln/detail/CVE-2021-30129

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-30129

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-30129

EUVD