CVE-2021-30129
DoS/OOM leak vulnerability in Apache Mina SSHD Server
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
Una vulnerabilidad en sshd-core de Apache Mina SSHD, permite a un atacante desbordar el servidor causando un error de tipo OutOfMemory. Este problema afecta a las funcionalidades SFTP y port forwarding de Apache Mina SSHD versión 2.0.0 y posteriores. Se ha solucionado en Apache Mina SSHD versión 2.7.0
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-04-05 CVE Reserved
- 2021-07-12 CVE Published
- 2024-03-14 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-772: Missing Release of Resource after Effective Lifetime
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2021/07/12/1 | Mailing List | |
https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E | Mailing List | |
https://www.oracle.com/security-alerts/cpujul2022.html | X_refsource_misc |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.oracle.com/security-alerts/cpuapr2022.html | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Search vendor "Apache" | Sshd Search vendor "Apache" for product "Sshd" | >= 2.0.0 < 2.7.0 Search vendor "Apache" for product "Sshd" and version " >= 2.0.0 < 2.7.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Banking Payments Search vendor "Oracle" for product "Banking Payments" | 14.5 Search vendor "Oracle" for product "Banking Payments" and version "14.5" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Banking Trade Finance Search vendor "Oracle" for product "Banking Trade Finance" | 14.5 Search vendor "Oracle" for product "Banking Trade Finance" and version "14.5" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Banking Treasury Management Search vendor "Oracle" for product "Banking Treasury Management" | 14.5 Search vendor "Oracle" for product "Banking Treasury Management" and version "14.5" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Cloud Native Core Console Search vendor "Oracle" for product "Communications Cloud Native Core Console" | 1.9.0 Search vendor "Oracle" for product "Communications Cloud Native Core Console" and version "1.9.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Flexcube Universal Banking Search vendor "Oracle" for product "Flexcube Universal Banking" | >= 14.0.0 <= 14.3.0 Search vendor "Oracle" for product "Flexcube Universal Banking" and version " >= 14.0.0 <= 14.3.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Flexcube Universal Banking Search vendor "Oracle" for product "Flexcube Universal Banking" | 14.5 Search vendor "Oracle" for product "Flexcube Universal Banking" and version "14.5" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Middleware Common Libraries And Tools Search vendor "Oracle" for product "Middleware Common Libraries And Tools" | 12.2.1.3.0 Search vendor "Oracle" for product "Middleware Common Libraries And Tools" and version "12.2.1.3.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Middleware Common Libraries And Tools Search vendor "Oracle" for product "Middleware Common Libraries And Tools" | 12.2.1.4.0 Search vendor "Oracle" for product "Middleware Common Libraries And Tools" and version "12.2.1.4.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Middleware Common Libraries And Tools Search vendor "Oracle" for product "Middleware Common Libraries And Tools" | 14.1.1.0.0 Search vendor "Oracle" for product "Middleware Common Libraries And Tools" and version "14.1.1.0.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Oss Support Tools Search vendor "Oracle" for product "Oss Support Tools" | 2.12.42 Search vendor "Oracle" for product "Oss Support Tools" and version "2.12.42" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Retail Customer Management And Segmentation Foundation Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation" | 18.0 Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation" and version "18.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Retail Customer Management And Segmentation Foundation Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation" | 19.0 Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation" and version "19.0" | - |
Affected
|