CVE-2021-30129
Buffer Overflow in Apache Mina SSHD
CVSS 3.1: 7.5 (HIGH)
EPSS: 0.24%
Description
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server, causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0.
How to fix CVE-2021-30129
To remediate CVE-2021-30129, upgrade the affected package to a fixed version below.
- —upgrade to 2.7.0 or later
- —upgrade to 2.7.0 or later
Is CVE-2021-30129 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 2.0.0, < 2.7.0
- >= 2.0.0, < 2.7.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (8)
- ADVISORY: nvd.nist.gov/vuln/detail/CVE-2021-30129
- WEB: issues.apache.org/jira/browse/SSHD-1125
- WEB: lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f@%3Cusers.mina.apache.org%3E
- WEB: lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E