Missing Release of Resource after Effective Lifetime

CVE-2021-30129

Medium

6.5/10

Summary

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-772 - Missing Release Of Resource After Effective Lifetime

'Missing release of resource after effective lifetime' is a weakness that occurs when software doesn't sufficiently release a resource (e.g. memory, CPU, disk space, etc.) after it is used. If not addressed, attackers can launch a denial of service attack (by allocating a resource and not releasing it).

References

Advisory
Mail Thread
Issue
Pull request

Advisory Timeline

Published Jul 12, 2021

Missing Release of Resource after Effective Lifetime

CVE-2021-30129

Summary

CWE-772 - Missing Release Of Resource After Effective Lifetime

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS