Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 576714

Summary: Upgrade org.apache.sshd:sshd-core to version 2.7.0
Product: [Technology] JGit Reporter: Anagh Hegde <anagh.hv>
Component: JGitAssignee: Project Inbox <jgit.core-inbox>
Status: CLOSED DUPLICATE QA Contact:
Severity: normal    
Priority: P3 CC: anagh.hv, twolf
Version: 5.12   
Target Milestone: ---   
Hardware: All   
OS: All   
URL: https://vuldb.com/?id.178275
Whiteboard:

Description Anagh Hegde CLA 2021-10-19 01:42:37 EDT
Affected versions of this package are vulnerable to Buffer Overflow. It allows an attacker to overflow the server causing an OutOfMemory error.

Reference:
https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E

https://github.com/apache/mina-sshd/commit/18609370696cc52ac780864237b37b2f173c4090
Comment 1 Anagh Hegde CLA 2021-10-19 03:12:42 EDT
This got fixed in 5.13 my bad.
Comment 2 Thomas Wolf CLA 2021-10-19 04:47:14 EDT

*** This bug has been marked as a duplicate of bug 574220 ***