CVE-2022-45047

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-45047

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-45047.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-45047

Aliases

GHSA-fhw8-8j55-vwgq

Related

Published

2022-11-16T09:15:14Z

Modified

2024-09-03T07:49:40.119700Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.

References

Affected packages

Git / github.com/apache/mina-sshd

Affected ranges

Type: GIT
Repo: https://github.com/apache/mina-sshd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

195c5fb45a29ca95d152ea1f659f3711afaa740c

Affected versions

sshd-0.*

sshd-0.10.0

sshd-0.10.1

sshd-0.11.0

sshd-0.12.0

sshd-0.13.0

sshd-0.9.0

sshd-1.*

sshd-1.0.0

sshd-1.1.0

sshd-1.2.0

sshd-1.3.0

sshd-1.4.0

sshd-1.5.0

sshd-1.6.0

sshd-1.7.0

sshd-2.*

sshd-2.0.0

sshd-2.1.0

sshd-2.2.0

sshd-2.3.0

sshd-2.4.0

sshd-2.5.0

sshd-2.5.1

sshd-2.6.0

sshd-2.7.0

sshd-2.8.0

sshd-2.9.0

sshd-2.9.1