{ "threat_severity" : "Moderate", "public_date" : "2021-07-12T00:00:00Z", "bugzilla" : { "description" : "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server", "id" : "1981527", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1981527" }, "cvss3" : { "cvss3_base_score" : "6.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-400", "details" : [ "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0" ], "statement" : "Red Hat OpenStack Platform's OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.", "affected_release" : [ { "product_name" : "Red Hat Fuse 7.10", "release_date" : "2021-12-14T00:00:00Z", "advisory" : "RHSA-2021:5134", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "sshd-core" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "release_date" : "2021-11-15T00:00:00Z", "advisory" : "RHSA-2021:4679", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package" : "sshd-core" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2021-11-15T00:00:00Z", "advisory" : "RHSA-2021:4677", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2021-11-15T00:00:00Z", "advisory" : "RHSA-2021:4676", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el7eap" }, { "product_name" : "RHINT Camel-Q 2.2.1", "release_date" : "2022-03-22T00:00:00Z", "advisory" : "RHSA-2022:1013", "cpe" : "cpe:/a:redhat:camel_quarkus:2.2.1" }, { "product_name" : "RHPAM 7.13.4 async", "release_date" : "2023-09-05T00:00:00Z", "advisory" : "RHSA-2023:4983", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", "package" : "sshd-core", "impact" : "low" } ], "package_state" : [ { "product_name" : "Red Hat BPM Suite 6", "fix_state" : "Out of support scope", "package_name" : "sshd-core", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform" }, { "product_name" : "Red Hat build of Quarkus", "fix_state" : "Not affected", "package_name" : "sshd-common", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "product_name" : "Red Hat Integration Camel K 1", "fix_state" : "Affected", "package_name" : "sshd-sftp", "cpe" : "cpe:/a:redhat:integration:1", "impact" : "low" }, { "product_name" : "Red Hat Integration Camel Quarkus 1", "fix_state" : "Affected", "package_name" : "sshd-sftp", "cpe" : "cpe:/a:redhat:camel_quarkus:2", "impact" : "low" }, { "product_name" : "Red Hat JBoss A-MQ 6", "fix_state" : "Out of support scope", "package_name" : "sshd-core", "cpe" : "cpe:/a:redhat:jboss_amq:6" }, { "product_name" : "Red Hat JBoss BRMS 6", "fix_state" : "Out of support scope", "package_name" : "sshd-core", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:6" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "sshd-core", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat OpenStack Platform 10 (Newton)", "fix_state" : "Out of support scope", "package_name" : "opendaylight", "cpe" : "cpe:/a:redhat:openstack:10" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Out of support scope", "package_name" : "opendaylight", "cpe" : "cpe:/a:redhat:openstack:13" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-30129\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-30129" ], "name" : "CVE-2021-30129", "csaw" : false }