CVE-2021-30129
DoS/OOM leak vulnerability in Apache Mina SSHD Server
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
Una vulnerabilidad en sshd-core de Apache Mina SSHD, permite a un atacante desbordar el servidor causando un error de tipo OutOfMemory. Este problema afecta a las funcionalidades SFTP y port forwarding de Apache Mina SSHD versión 2.0.0 y posteriores. Se ha solucionado en Apache Mina SSHD versión 2.7.0
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and memory leak vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-04-05 CVE Reserved
- 2021-07-12 CVE Published
- 2024-08-03 CVE Updated
- 2025-07-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-772: Missing Release of Resource after Effective Lifetime
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2021/07/12/1 | Mailing List |
|
| https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E | Mailing List | |
| https://www.oracle.com/security-alerts/cpujul2022.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2022.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Sshd Search vendor "Apache" for product "Sshd" | >= 2.0.0 < 2.7.0 Search vendor "Apache" for product "Sshd" and version " >= 2.0.0 < 2.7.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Banking Payments Search vendor "Oracle" for product "Banking Payments" | 14.5 Search vendor "Oracle" for product "Banking Payments" and version "14.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Banking Trade Finance Search vendor "Oracle" for product "Banking Trade Finance" | 14.5 Search vendor "Oracle" for product "Banking Trade Finance" and version "14.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Banking Treasury Management Search vendor "Oracle" for product "Banking Treasury Management" | 14.5 Search vendor "Oracle" for product "Banking Treasury Management" and version "14.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Console Search vendor "Oracle" for product "Communications Cloud Native Core Console" | 1.9.0 Search vendor "Oracle" for product "Communications Cloud Native Core Console" and version "1.9.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Flexcube Universal Banking Search vendor "Oracle" for product "Flexcube Universal Banking" | >= 14.0.0 <= 14.3.0 Search vendor "Oracle" for product "Flexcube Universal Banking" and version " >= 14.0.0 <= 14.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Flexcube Universal Banking Search vendor "Oracle" for product "Flexcube Universal Banking" | 14.5 Search vendor "Oracle" for product "Flexcube Universal Banking" and version "14.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Middleware Common Libraries And Tools Search vendor "Oracle" for product "Middleware Common Libraries And Tools" | 12.2.1.3.0 Search vendor "Oracle" for product "Middleware Common Libraries And Tools" and version "12.2.1.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Middleware Common Libraries And Tools Search vendor "Oracle" for product "Middleware Common Libraries And Tools" | 12.2.1.4.0 Search vendor "Oracle" for product "Middleware Common Libraries And Tools" and version "12.2.1.4.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Middleware Common Libraries And Tools Search vendor "Oracle" for product "Middleware Common Libraries And Tools" | 14.1.1.0.0 Search vendor "Oracle" for product "Middleware Common Libraries And Tools" and version "14.1.1.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Oss Support Tools Search vendor "Oracle" for product "Oss Support Tools" | 2.12.42 Search vendor "Oracle" for product "Oss Support Tools" and version "2.12.42" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Customer Management And Segmentation Foundation Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation" | 18.0 Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation" and version "18.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Customer Management And Segmentation Foundation Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation" | 19.0 Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation" and version "19.0" | - |
Affected
| ||||||