Sign In

CVE-2022-45047

ADVISORY - github

Summary

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.

Until version 2.1.0, the code affected by this vulnerability appeared in org.apache.sshd:sshd-core. Version 2.1.0 contains a commit where the code was moved to the package org.apache.sshd:sshd-common, which did not exist until version 2.1.0.

EPSS Score: 0.0397 (0.879)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-502

Deserialization of Untrusted Data

ADVISORY - github

CWE-502

Deserialization of Untrusted Data

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-502

Deserialization of Untrusted Data

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-502

Deserialization of Untrusted Data

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2022-45047
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-502

CVSS SCORE

9.8critical

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-fhw8-8j55-vwgq
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-502

CVSS SCORE

9.8critical

Debian

CREATED

UPDATED

ADVISORY IDCVE-2022-45047
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2022-45047

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-502CWE-937

CVSS SCORE

9.8critical

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2022-45047
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-502

CVSS SCORE

9.8high