CVE-2022-45047: Apache MINA SSHD: Java unsafe deserialization vulnerability

Vendor: Apache Software Foundation
Product: Apache MINA SSHD
Weakness: CWE-502 · Unsafe deserialization
Published: November 16, 2022
Last update: May 1, 2026

What the vulnerability does

Description

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.

Key dates

Disclosure timeline

November 16, 2022: CVE published
May 1, 2026: Record updated