VulnerableCode Package Details - pkg:deb/debian/libmina-sshd-java@0?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-31an-9pvw-uqf6	Missing Release of Resource after Effective Lifetime A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD.	CVE-2021-30129 GHSA-9279-7hph-r3xw
VCID-netd-rr9e-wbg5	Unsafe deserialization in Apache MINA SSHD Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server. Until version 2.1.0, the code affected by this vulnerability appeared in `org.apache.sshd:sshd-core`. Version 2.1.0 contains a [commit](https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0) where the code was moved to the package `org.apache.sshd:sshd-common`, which did not exist until version 2.1.0.	CVE-2022-45047 GHSA-fhw8-8j55-vwgq
VCID-r4e4-u4s6-63gc	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10	CVE-2023-35887 GHSA-mjmq-gwgm-5qhm
VCID-zxcy-vvmk-xbag	Apache MINA SSHD: integrity check bypass Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.	CVE-2024-41909 GHSA-2326-hx7g-3m9r

Vulnerability

Summary

Aliases

VCID-31an-9pvw-uqf6

Missing Release of Resource after Effective Lifetime A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD.

CVE-2021-30129
GHSA-9279-7hph-r3xw

VCID-netd-rr9e-wbg5

Unsafe deserialization in Apache MINA SSHD Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server. Until version 2.1.0, the code affected by this vulnerability appeared in `org.apache.sshd:sshd-core`. Version 2.1.0 contains a [commit](https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0) where the code was moved to the package `org.apache.sshd:sshd-common`, which did not exist until version 2.1.0.

CVE-2022-45047
GHSA-fhw8-8j55-vwgq

VCID-r4e4-u4s6-63gc

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10

CVE-2023-35887
GHSA-mjmq-gwgm-5qhm

VCID-zxcy-vvmk-xbag

Apache MINA SSHD: integrity check bypass Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.

CVE-2024-41909
GHSA-2326-hx7g-3m9r

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:45:23.107181+00:00	Debian Importer	Fixing	VCID-netd-rr9e-wbg5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:45:00.946644+00:00	Debian Importer	Fixing	VCID-r4e4-u4s6-63gc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:03:37.507549+00:00	Debian Importer	Fixing	VCID-31an-9pvw-uqf6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:46:42.107553+00:00	Debian Importer	Fixing	VCID-zxcy-vvmk-xbag	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:00:57.464469+00:00	Debian Importer	Fixing	VCID-netd-rr9e-wbg5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:30:27.744523+00:00	Debian Importer	Fixing	VCID-r4e4-u4s6-63gc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:04:23.914648+00:00	Debian Importer	Fixing	VCID-31an-9pvw-uqf6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:53:45.995408+00:00	Debian Importer	Fixing	VCID-zxcy-vvmk-xbag	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:29:03.293836+00:00	Debian Importer	Fixing	VCID-zxcy-vvmk-xbag	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:29:03.266003+00:00	Debian Importer	Fixing	VCID-r4e4-u4s6-63gc	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:29:03.237430+00:00	Debian Importer	Fixing	VCID-netd-rr9e-wbg5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:29:03.209028+00:00	Debian Importer	Fixing	VCID-31an-9pvw-uqf6	https://security-tracker.debian.org/tracker/data/json	38.1.0