CVE-2021-30129

MEDIUM

Apache Mina SSHD <2.7.0 - Buffer Overflow

Title source: llm

Description

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0

References (5)

[Mailing List, Vendor Advisory] https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2021/07/12/1

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpuapr2022.html

[Vendor Advisory] https://www.oracle.com/security-alerts/cpujul2022.html

Scores

CVSS v3 6.5

EPSS 0.0024

EPSS Percentile 46.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-772

Status published

Products (15)

apache/sshd 2.0.0 - 2.7.0

oracle/banking_payments 14.5

oracle/banking_trade_finance 14.5

oracle/banking_treasury_management 14.5

oracle/communications_cloud_native_core_console 1.9.0

oracle/flexcube_universal_banking 14.5

oracle/flexcube_universal_banking 14.0.0 - 14.3.0

oracle/middleware_common_libraries_and_tools 12.2.1.3.0

oracle/middleware_common_libraries_and_tools 12.2.1.4.0

oracle/middleware_common_libraries_and_tools 14.1.1.0.0

... and 5 more

Published Jul 12, 2021

Tracked Since Feb 18, 2026