6.5

CVE-2021-30129

EPSS 0.23%
Published 12.07.2021 12:15:07
Last modified 21.11.2024 06:03:21
Source security@apache.org
Teams watchlist Login
Open Login

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Sshd Version >= 2.0.0 < 2.7.0

Oracle ≫ Banking Payments Version14.5

Oracle ≫ Banking Trade Finance Version14.5

Oracle ≫ Banking Treasury Management Version14.5

Oracle ≫ Communications Cloud Native Core Console Version1.9.0

Oracle ≫ Flexcube Universal Banking Version >= 14.0.0 <= 14.3.0

Oracle ≫ Flexcube Universal Banking Version14.5

Oracle ≫ Middleware Common Libraries And Tools Version12.2.1.3.0

Oracle ≫ Middleware Common Libraries And Tools Version12.2.1.4.0

Oracle ≫ Middleware Common Libraries And Tools Version14.1.1.0.0

Oracle ≫ Oss Support Tools Version2.12.42

Oracle ≫ Retail Customer Management And Segmentation Foundation Version18.0

Oracle ≫ Retail Customer Management And Segmentation Foundation Version19.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.23%	0.455

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

http://www.openwall.com/lists/oss-security/2021/07/12/1

Third Party Advisory

Mailing List

https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E

Vendor Advisory

Mailing List

https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E

https://nvd.nist.gov/vuln/detail/CVE-2021-30129

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-30129

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-30129

EUVD