Russh
Monthly
Denial of service in Russh (Rust SSH client/server library) versions 0.34.0 through 0.60.x allows remote SSH peers to trigger excessive memory allocation by sending oversized, high-fanout, or malformed length-prefixed SSH strings, name-lists, and byte fields before field-specific bounds checks are applied. The flaw affects both client and server message handlers and impacts availability only (CVSS 7.5, C:N/I:N/A:H). No public exploit identified at time of analysis.
Denial of service in Russh (versions 0.37.0-0.60.x), a Rust SSH client and server library, allows a malicious SSH server to crash connecting clients by exploiting improper input validation in the keyboard-interactive authentication path. The server supplies an attacker-controlled prompt count in a USERAUTH_INFO_REQUEST message, which the client passes directly to Vec::with_capacity() before verifying the packet contains the claimed number of prompts - resulting in a panic or out-of-memory condition that terminates the client process. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Pre-authentication denial-of-service in russh SSH server library allows remote attackers to crash servers implementing keyboard-interactive authentication via a single malformed packet. Affects russh versions prior to 0.60.1. Attacker sends crafted SSH_MSG_USERAUTH_INFO_RESPONSE with inflated allocation count (e.g., 0x10000000), triggering multi-gigabyte memory allocation and OOM crash before any credential validation occurs. Vendor-released patch available (v0.60.1) bounds allocation to remaining packet data. Confirmed working exploit code exists per GitHub security advisory GHSA-f5v4-2wr6-hqmg. CVSS 7.5 (High) with network vector, low complexity, no privileges required.
Russh is a Rust SSH client & server library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Russh is a Rust SSH client & server library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.
russh is a Rust SSH client and server library. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
Denial of service in Russh (Rust SSH client/server library) versions 0.34.0 through 0.60.x allows remote SSH peers to trigger excessive memory allocation by sending oversized, high-fanout, or malformed length-prefixed SSH strings, name-lists, and byte fields before field-specific bounds checks are applied. The flaw affects both client and server message handlers and impacts availability only (CVSS 7.5, C:N/I:N/A:H). No public exploit identified at time of analysis.
Denial of service in Russh (versions 0.37.0-0.60.x), a Rust SSH client and server library, allows a malicious SSH server to crash connecting clients by exploiting improper input validation in the keyboard-interactive authentication path. The server supplies an attacker-controlled prompt count in a USERAUTH_INFO_REQUEST message, which the client passes directly to Vec::with_capacity() before verifying the packet contains the claimed number of prompts - resulting in a panic or out-of-memory condition that terminates the client process. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Pre-authentication denial-of-service in russh SSH server library allows remote attackers to crash servers implementing keyboard-interactive authentication via a single malformed packet. Affects russh versions prior to 0.60.1. Attacker sends crafted SSH_MSG_USERAUTH_INFO_RESPONSE with inflated allocation count (e.g., 0x10000000), triggering multi-gigabyte memory allocation and OOM crash before any credential validation occurs. Vendor-released patch available (v0.60.1) bounds allocation to remaining packet data. Confirmed working exploit code exists per GitHub security advisory GHSA-f5v4-2wr6-hqmg. CVSS 7.5 (High) with network vector, low complexity, no privileges required.
Russh is a Rust SSH client & server library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Russh is a Rust SSH client & server library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.
russh is a Rust SSH client and server library. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.