CVE-2022-45047

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-45047
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45047.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-45047
Aliases
Related
Published
2022-11-16T09:15:14Z
Modified
2024-09-03T04:20:45.146167Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.

References

Affected packages

Git / github.com/apache/mina-sshd

Affected ranges

Type
GIT
Repo
https://github.com/apache/mina-sshd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

sshd-0.*

sshd-0.10.0
sshd-0.10.1
sshd-0.11.0
sshd-0.12.0
sshd-0.13.0
sshd-0.9.0

sshd-1.*

sshd-1.0.0
sshd-1.1.0
sshd-1.2.0
sshd-1.3.0
sshd-1.4.0
sshd-1.5.0
sshd-1.6.0
sshd-1.7.0

sshd-2.*

sshd-2.0.0
sshd-2.1.0
sshd-2.2.0
sshd-2.3.0
sshd-2.4.0
sshd-2.5.0
sshd-2.5.1
sshd-2.6.0
sshd-2.7.0
sshd-2.8.0
sshd-2.9.0
sshd-2.9.1