Description
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
References (5)
Core 5
Core References
Mailing List, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/07/12/1
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html
Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2022.html
Scores
CVSS v3
6.5
EPSS
0.0339
EPSS Percentile
87.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-772
Status
published
Products (15)
apache/sshd
2.0.0 - 2.7.0
oracle/banking_payments
14.5
oracle/banking_trade_finance
14.5
oracle/banking_treasury_management
14.5
oracle/communications_cloud_native_core_console
1.9.0
oracle/flexcube_universal_banking
14.5
oracle/flexcube_universal_banking
14.0.0 - 14.3.0
oracle/middleware_common_libraries_and_tools
12.2.1.3.0
oracle/middleware_common_libraries_and_tools
12.2.1.4.0
oracle/middleware_common_libraries_and_tools
14.1.1.0.0
... and 5 more
Published
Jul 12, 2021
Tracked Since
Feb 18, 2026