CVE-2021-30129

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E", "name": "N/A", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f@%3Cusers.mina.apache.org%3E", "name": "[mina-users] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b@%3Cannounce.apache.org%3E", "name": "[announce] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2021/07/12/1", "name": "[oss-security] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "name": "N/A", "tags": [], "refsource": "N/A"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-772"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-30129", "ASSIGNER": "security@apache.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2021-07-12T12:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.7.0", "versionStartIncluding": "2.0.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "14.3.0", "versionStartIncluding": "14.0.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-07-25T18:15Z"}