CVE-2022-45047

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/45xxx/CVE-2022-45047.json",
    "cwe_ids": [
        "CWE-502"
    ],
    "cna_assigner": "apache",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "2.9.1"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}

References

Affected packages

Git / github.com/apache/mina-sshd

Affected ranges

Type

GIT

Repo

https://github.com/apache/mina-sshd

Events

Introduced

Last affected

195c5fb45a29ca95d152ea1f659f3711afaa740c

Database specific

{
    "cpe": "cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.9.1"
        }
    ],
    "source": "CPE_FIELD"
}

Affected versions

sshd-0.*

sshd-0.10.0

sshd-0.10.1

sshd-0.11.0

sshd-0.12.0

sshd-0.13.0

sshd-0.9.0

sshd-1.*

sshd-1.0.0

sshd-1.1.0

sshd-1.2.0

sshd-1.3.0

sshd-1.4.0

sshd-1.5.0

sshd-1.6.0

sshd-1.7.0

sshd-2.*

sshd-2.0.0

sshd-2.1.0

sshd-2.2.0

sshd-2.3.0

sshd-2.4.0

sshd-2.5.0

sshd-2.5.1

sshd-2.6.0

sshd-2.7.0

sshd-2.8.0

sshd-2.9.0

sshd-2.9.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-45047.json"