// For flags

CVE-2021-30129

DoS/OOM leak vulnerability in Apache Mina SSHD Server

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0

Una vulnerabilidad en sshd-core de Apache Mina SSHD, permite a un atacante desbordar el servidor causando un error de tipo OutOfMemory. Este problema afecta a las funcionalidades SFTP y port forwarding de Apache Mina SSHD versión 2.0.0 y posteriores. Se ha solucionado en Apache Mina SSHD versión 2.7.0

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-04-05 CVE Reserved
  • 2021-07-12 CVE Published
  • 2024-03-14 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
  • CWE-772: Missing Release of Resource after Effective Lifetime
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
Sshd
Search vendor "Apache" for product "Sshd"
>= 2.0.0 < 2.7.0
Search vendor "Apache" for product "Sshd" and version " >= 2.0.0 < 2.7.0"
-
Affected
Oracle
Search vendor "Oracle"
Banking Payments
Search vendor "Oracle" for product "Banking Payments"
14.5
Search vendor "Oracle" for product "Banking Payments" and version "14.5"
-
Affected
Oracle
Search vendor "Oracle"
Banking Trade Finance
Search vendor "Oracle" for product "Banking Trade Finance"
14.5
Search vendor "Oracle" for product "Banking Trade Finance" and version "14.5"
-
Affected
Oracle
Search vendor "Oracle"
Banking Treasury Management
Search vendor "Oracle" for product "Banking Treasury Management"
14.5
Search vendor "Oracle" for product "Banking Treasury Management" and version "14.5"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Console
Search vendor "Oracle" for product "Communications Cloud Native Core Console"
1.9.0
Search vendor "Oracle" for product "Communications Cloud Native Core Console" and version "1.9.0"
-
Affected
Oracle
Search vendor "Oracle"
Flexcube Universal Banking
Search vendor "Oracle" for product "Flexcube Universal Banking"
>= 14.0.0 <= 14.3.0
Search vendor "Oracle" for product "Flexcube Universal Banking" and version " >= 14.0.0 <= 14.3.0"
-
Affected
Oracle
Search vendor "Oracle"
Flexcube Universal Banking
Search vendor "Oracle" for product "Flexcube Universal Banking"
14.5
Search vendor "Oracle" for product "Flexcube Universal Banking" and version "14.5"
-
Affected
Oracle
Search vendor "Oracle"
Middleware Common Libraries And Tools
Search vendor "Oracle" for product "Middleware Common Libraries And Tools"
12.2.1.3.0
Search vendor "Oracle" for product "Middleware Common Libraries And Tools" and version "12.2.1.3.0"
-
Affected
Oracle
Search vendor "Oracle"
Middleware Common Libraries And Tools
Search vendor "Oracle" for product "Middleware Common Libraries And Tools"
12.2.1.4.0
Search vendor "Oracle" for product "Middleware Common Libraries And Tools" and version "12.2.1.4.0"
-
Affected
Oracle
Search vendor "Oracle"
Middleware Common Libraries And Tools
Search vendor "Oracle" for product "Middleware Common Libraries And Tools"
14.1.1.0.0
Search vendor "Oracle" for product "Middleware Common Libraries And Tools" and version "14.1.1.0.0"
-
Affected
Oracle
Search vendor "Oracle"
Oss Support Tools
Search vendor "Oracle" for product "Oss Support Tools"
2.12.42
Search vendor "Oracle" for product "Oss Support Tools" and version "2.12.42"
-
Affected
Oracle
Search vendor "Oracle"
Retail Customer Management And Segmentation Foundation
Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation"
18.0
Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation" and version "18.0"
-
Affected
Oracle
Search vendor "Oracle"
Retail Customer Management And Segmentation Foundation
Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation"
19.0
Search vendor "Oracle" for product "Retail Customer Management And Segmentation Foundation" and version "19.0"
-
Affected