PT-2021-4032 · Apache · Apache Mina Sshd

Published: 2021-07-12 · Updated: 2022-07-25 · CVE-2021-30129

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Apache Mina SSHD versions 2.0.0 through 2.6.x
Description: A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to exhaust the server's memory, causing an OutOfMemory error. This issue affects the SFTP and port forwarding features.
Recommendations: For Apache Mina SSHD versions 2.0.0 through 2.6.x, update to Apache Mina SSHD 2.7.0 to resolve the issue. As a temporary workaround, consider restricting access to the SFTP and port forwarding features until the update is applied.

Fix

Resource Exhaustion

Missing Release of Resource after Effective Lifetime


Weakness Enumeration

Related Identifiers

BDU:2021-04559
CVE-2021-30129
GHSA-9279-7HPH-R3XW
OESA-2021-1312
RHSA-2021:4676
RHSA-2021:4677

Affected Products

Apache Mina Sshd