CVE-2021-30129

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-30129
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://www.openwall.com/lists/oss-security/2021/07/12/1 Mailing List Third Party Advisory
https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E Mailing List Vendor Advisory
https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
History

25 Jul 2022, 18:15

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

10 May 2022, 15:21

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
References (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory

20 Apr 2022, 00:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

28 Jul 2021, 17:07

Type Values Removed Values Added
CVSS v2 : 5.0
v3 : 7.5 		v2 : 4.0
v3 : 6.5

26 Jul 2021, 16:24

Type Values Removed Values Added
CPE cpe:2.3:a:apache:mina:*:*:*:*:*:*:*:* cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*

22 Jul 2021, 13:08

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/07/12/1 - Mailing List, Third Party Advisory
  • (MLIST) https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b@%3Cannounce.apache.org%3E - Mailing List, Vendor Advisory
References (MLIST) https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f@%3Cusers.mina.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f@%3Cusers.mina.apache.org%3E - Mailing List, Vendor Advisory
References (CONFIRM) https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E - (CONFIRM) https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E - Mailing List, Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : 5.0
v3 : 7.5
CPE cpe:2.3:a:apache:mina:*:*:*:*:*:*:*:*
CWE CWE-772

12 Jul 2021, 15:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f@%3Cusers.mina.apache.org%3E -

12 Jul 2021, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2021-07-12 12:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-30129

Mitre link : CVE-2021-30129

CVE.ORG link : CVE-2021-30129

JSON object : View

Products Affected

oracle

  • flexcube_universal_banking
  • communications_cloud_native_core_console
  • banking_treasury_management
  • oss_support_tools
  • banking_payments
  • middleware_common_libraries_and_tools
  • retail_customer_management_and_segmentation_foundation
  • banking_trade_finance

apache

  • sshd
CWE
CWE-772

Missing Release of Resource after Effective Lifetime