Critical severity 9.8 · NVD Advisory · Published Nov 16, 2022 · Updated May 1, 2026
CVE-2022-45047
Description
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.sshd:sshd-common (Maven) | < 2.9.2 | 2.9.2 |
| org.apache.sshd:sshd-core (Maven) | < 2.9.2 | 2.9.2 |
Affected products
18 products:
- ghsa-coords, 17 versions (< 2.9.2 + 16 more):
  - pkg:maven/org.apache.sshd/sshd-common
  - pkg:maven/org.apache.sshd/sshd-core
  - pkg:rpm/opensuse/apache-parent&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/apache-sshd&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/apache-sshd&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/apache-sshd&distro=SUSE%20Enterprise%20Storage%207.1
  - pkg:rpm/suse/apache-sshd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS
  - pkg:rpm/suse/apache-sshd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
  - pkg:rpm/suse/apache-sshd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS
  - pkg:rpm/suse/apache-sshd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS
  - pkg:rpm/suse/apache-sshd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5
  - pkg:rpm/suse/apache-sshd&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
  - pkg:rpm/suse/apache-sshd&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
  - pkg:rpm/suse/apache-sshd&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS
  - pkg:rpm/suse/apache-sshd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
  - pkg:rpm/suse/apache-sshd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
  - pkg:rpm/suse/apache-sshd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
- (no CPE) range: < 2.9.2
- (no CPE) range: < 2.9.2
- (no CPE) range: < 31-150200.3.12.1
- (no CPE) range: < 2.12.0-150200.5.8.1
- (no CPE) range: < 2.9.2-1.1
- (no CPE) range: < 2.12.0-150200.5.8.1
- (no CPE) range: < 2.12.0-150200.5.8.1
- (no CPE) range: < 2.12.0-150200.5.8.1
- (no CPE) range: < 2.12.0-150200.5.8.1
- (no CPE) range: < 2.12.0-150200.5.8.1
- (no CPE) range: < 2.12.0-150200.5.8.1
- (no CPE) range: < 2.12.0-150200.5.8.1
- (no CPE) range: < 2.12.0-150200.5.8.1
- (no CPE) range: < 2.12.0-150200.5.8.1
- (no CPE) range: < 2.12.0-150200.5.8.1
- (no CPE) range: < 2.12.0-150200.5.8.1
- (no CPE) range: < 2.12.0-150200.5.8.1
References
8 references:
- github.com/advisories/GHSA-fhw8-8j55-vwgq (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-45047 (ghsa, ADVISORY)
- github.com/apache/mina-sshd/commit/03238d51586f6b3c0bdbb1a23cf16799344d6c32 (ghsa, WEB)
- github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0 (ghsa, WEB)
- github.com/apache/mina-sshd/commit/5a8fe830b2a2308a2b24ac8115a391af477f64f5 (ghsa, WEB)
- www.mail-archive.com/dev@mina.apache.org/msg39312.html (ghsa, WEB)
- security.netapp.com/advisory/ntap-20240216-0008/ (nvd)
- www.mail-archive.com/dev%40mina.apache.org/msg39312.html (nvd)