russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets
Description
Summary
When SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected.
In current releases, this is a remote denial-of-service / resource-exhaustion issue in the post-decompression receive path.
In older releases before 0.58.0, the same remote decompression path used CryptoVec, which appears to make the historical impact worse.
Details
The normal SSH transport read path enforces a packet-length limit before the packet body is read:
russh/src/cipher/mod.rs
However, RFC 4253 compression is applied to the SSH payload field only. The packet_length field and MAC are computed over the compressed payload, so a packet that is reasonably sized on the wire can still expand to a much larger message body after decompression.
In russh, compressed packet bodies are later decompressed in:
russh/src/compression.rsrussh/src/client/mod.rsrussh/src/server/session.rs
Before the fix, Decompress::decompress() grew its output buffer by repeated doubling and did not enforce a separate post-decompression ceiling. That meant a peer could send a small compressed packet that passed the normal on-wire transport length checks and then inflate it into a much larger packet after decompression.
It was verified that an attacker-crafted compressed payload can stay below the normal 256 KiB implementation transport packet cap while still inflating above the intended post-decompression bound. In other words, this is not only a "large on-wire packet" issue.
Version detail:
- The underlying post-decompression bounds bug appears to affect
russhas far back as0.34.0. - In historical releases
>= 0.34.0, < 0.58.0, the remote decompression path still usedCryptoVec. Remote compressed SSH traffic could drive that path, and under constrained memory that historical code path could abort the process. - In current-style releases
>= 0.58.0, non-secret packet/decompression buffers were moved offCryptoVecand ontoVec, but the post-decompression size still remained unbounded. So the bug class remained reachable remotely, but the maintained-line impact is a current remote DoS / oversized-packet-acceptance issue rather than the olderCryptoVec-based abort story. - The maintained-line fix was verified against
0.60.2.
Compression is not selected in a default-vs-default russh session because the default preference order puts none first. However, the default server configuration still advertises zlib and zlib@openssh.com, and server-side negotiation follows the client's preference order for common algorithms. A client that prefers compression can therefore negotiate it with a default russh server.
OpenSSH portable was checked at /home/mjc/projects/openssh-portable commit 45b30e0a5. OpenSSH enforces a 256 KiB transport packet cap before decompression, but it does not reuse that cap after decompression. Instead, decompression writes to an sshbuf, which is indirectly bounded by OpenSSH's SSHBUF_SIZE_MAX hard maximum of 0x8000000 bytes (128 MiB).
The patch direction should follow that model: add an explicit post-decompression ceiling of 128 MiB, rather than assuming the compressed transport packet cap also bounds decompressed payload size.
Relevant OpenSSH reference points:
/home/mjc/projects/openssh-portable/packet.c:PACKET_MAX_SIZE (256 * 1024)/home/mjc/projects/openssh-portable/packet.c:uncompress_buffer()inflates intocompression_buffer/home/mjc/projects/openssh-portable/sshbuf.h:SSHBUF_SIZE_MAX 0x8000000
RFC / OpenSSH Comparison
RFC 4253 section 6 defines the binary packet format:
packet_lengthpadding_lengthpayload- random padding
- MAC
RFC 4253 section 6.2 says that, when compression is negotiated, the payload field is compressed, and that packet_length and MAC are computed from the compressed payload. The RFC also says implementations should check that packet length is reasonable to avoid denial-of-service and buffer-overflow attacks.
That means the pre-decompression transport packet length check is necessary but not sufficient. A correct implementation still needs a reasonable bound on the decompressed payload that becomes parser input.
OpenSSH provides such a bound indirectly through sshbuf's hard maximum. The russh fix should make the corresponding post-decompression bound explicit.
PoC
There were two kinds of proof:
- a wire-cap sanity test showing an attacker-crafted best-compressed
DEBUGpayload can stay below the normal SSH transport packet cap while still inflating beyond the intended post-decompression bound - direct client and server receive-path tests that exercise the oversized post-decompression behavior itself
The current in-tree regression tests are:
tests::compress::oversized_debug_payload_can_stay_below_wire_capcompression::tests::oversized_decompressed_packet_is_rejectedclient::tests::compressed_debug_is_ignored_after_client_parses_itclient::tests::oversized_compressed_debug_is_rejected_before_client_ignores_itserver::session::tests::compressed_debug_is_ignored_after_server_parses_itserver::session::tests::oversized_compressed_debug_is_rejected_before_server_ignores_it
The important behavior is:
- An attacker-crafted best-compressed
DEBUGpayload can stay below the normal256 KiBtransport packet cap while still inflating beyond128 MiB. - In the direct client and server receive paths, small compressed
DEBUGpackets are still ignored normally after parsing. - In the direct client and server receive paths, oversized compressed
DEBUGpackets are rejected before the implementation reaches the normal "ignore DEBUG" behavior.
The strongest PoC for severity is the unauthenticated server-side case. A malicious client can choose zlib in the initial key exchange, because the default server advertises it and server-side negotiation follows the client's preference order for common algorithms. After NEWKEYS, but before authentication, the client can send a transport-layer SSH_MSG_DEBUG packet whose compressed body is below the transport packet cap but whose decompressed body exceeds the post-decompression cap.
That demonstrates the AV:N/AC:L/PR:N/UI:N case directly: the attacker is a remote SSH client and does not need a successfully authenticated session.
fn compressed_debug_payload(payload_len: usize) -> Vec {
let mut payload = vec![b'A'; payload_len];
payload[0] = crate::msg::DEBUG;
let mut encoder =
flate2::write::ZlibEncoder::new(Vec::new(), flate2::Compression::best());
encoder.write_all(&payload).unwrap();
let compressed = encoder.finish().unwrap();
assert!(
compressed.len() < 256 * 1024,
"oversized post-decompression payload still fits under the wire cap"
);
compressed
}
fn incoming_packet(compressed: Vec) -> SSHBuffer {
let mut buffer = SSHBuffer::new();
// maybe_decompress() receives the clear SSHBuffer after packet framing,
// and decompresses bytes after packet_length + padding_length.
buffer.buffer.extend_from_slice(&[0; 5]);
buffer.buffer.extend_from_slice(&compressed);
buffer
}
#[test]
fn unauthenticated_client_zlib_debug_is_rejected_by_server_before_auth() {
let mut server = preauth_server_session_after_newkeys_with_zlib_decompressor();
let oversized = MAXIMUM_DECOMPRESSED_PACKET_LEN + 1024;
let buffer = incoming_packet(compressed_debug_payload(oversized));
let err = server.maybe_decompress(&buffer).unwrap_err();
assert!(
matches!(err, crate::Error::PacketSize(len) if len > MAXIMUM_DECOMPRESSED_PACKET_LEN)
);
}
The equivalent wire-level attack shape is:
1. Connect to a russh server using the default compression advertisement.
2. Send SSH_MSG_KEXINIT with compression client-to-server preference:
zlib,zlib@openssh.com,none
3. Complete key exchange and send SSH_MSG_NEWKEYS.
4. Before any SSH_MSG_USERAUTH_REQUEST, send a compressed SSH_MSG_DEBUG packet:
- compressed packet body: < 256 KiB
- decompressed packet body: > 128 MiB
5. Vulnerable behavior: russh accepts and inflates the packet, then reaches the
normal DEBUG ignore path.
6. Fixed behavior: russh rejects during decompression with Error::PacketSize.
The direct receive-path client/server regression tests are still useful because they isolate the bug precisely. They construct the post-decryption compressed packet body passed to maybe_decompress() and prove that the oversized packet is rejected before normal DEBUG ignore handling. The server-side pre-auth variant above is the one that justifies the highest CVSS framing for this bug.
The most important targeted checks are:
cargo test -p russh oversized_debug_payload_can_stay_below_wire_cap -- --nocapture
cargo test -p russh oversized_compressed_debug_is_rejected_before_client_ignores_it -- --nocapture
cargo test -p russh oversized_compressed_debug_is_rejected_before_server_ignores_it -- --nocapture
Before the fix, both the direct client and direct server receive-path oversized checks went red because the compressed payload was accepted and decompressed instead of being rejected at the post-decompression boundary. After the fix, they pass.
Impact
Suggested CVSS v3.1 for current maintained releases:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H- Score:
7.5
Reasoning:
AV:N: reachable by a remote SSH peerAC:L: straightforward once compression is enabledPR:N,UI:N: no prior auth or user interaction requiredC:N,I:N: confidentiality or integrity impact was not demonstratedA:H: remote peer can cause oversized post-decompression packet processing and disconnect / denial of service
Affected versions:
- historical stronger case:
russh >= 0.34.0, < 0.58.0 - current maintained remote DoS case:
russh >= 0.58.0, including0.60.3
Fix / Patch Direction
Add an explicit maximum decompressed SSH packet size and enforce it inside Decompress::decompress() before returning decompressed bytes to the client or server packet parser.
The intended ceiling is 128 MiB, matching OpenSSH portable's effective sshbuf hard maximum for post-decompression packet storage. The fix should reject decompression output larger than that bound with a packet-size error before normal message dispatch.
The fix should preserve normal compressed packet behavior below the cap, including DEBUG packets that are decompressed and then ignored through the existing normal path.
Patch branch:
fix/zlib-decompression-cap
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In russh, when SSH compression is enabled, compressed packets that pass on-wire length checks can decompress to oversized sizes, enabling remote denial-of-service.
Vulnerability
In russh, when SSH compression is enabled, the post-decompression packet size is not bounded. The Decompress::decompress() function in russh/src/compression.rs grows its output buffer by repeated doubling without enforcing a separate ceiling. An on-wire packet under the 256 KiB transport packet cap can expand into a much larger message after decompression because RFC 4253 compression is applied only to the payload field, and the packet_length and MAC are computed over the compressed payload. This affects versions >= 0.34.0; in releases >= 0.34.0, < 0.58.0 the decompression path used CryptoVec, while current releases >= 0.58.0 continue to exhibit the same lack of post-decompression bounds [1][2].
Exploitation
A remote SSH peer that has negotiated compression with a russh-based client or server can send specially crafted compressed packets. The attacker needs only to establish an SSH session with compression enabled; no additional authentication or special privileges are required. By constructing packets that are small on the wire (below the 256 KiB transport limit) but compress to a much larger size, the attacker triggers uncontrolled memory allocation during decompression [1][2].
Impact
In current releases (>= 0.58.0), exploitation causes resource exhaustion leading to a remote denial-of-service condition. In older releases (>= 0.34.0, < 0.58.0), the same decompression path used CryptoVec, which under constrained memory could abort the process entirely, potentially resulting in a more severe crash. No confidentiality or integrity impact is described [1][2].
Mitigation
The available references [1][2] do not specify a patched version number. According to the advisory, a fix has been applied to the russh repository but a release containing the fix has not yet been announced. As a workaround, users should disable SSH compression in their russh configuration until a patched version is published. For deployments still on versions < 0.58.0, upgrading to a current release reduces the impact from process abort to resource exhaustion.
AI Insight generated on May 29, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3Patches
22692a6f66edaMerge commit from fork
5 files changed · +341 −7
russh/src/cipher/mod.rs+3 −0 modified@@ -363,6 +363,9 @@ const MAXIMUM_PADDING_LEN: usize = 19; const MAXIMUM_PACKET_LEN_HEADROOM: usize = PADDING_LENGTH_LEN + CHANNEL_EXTENDED_DATA_PACKET_OVERHEAD + MAXIMUM_PADDING_LEN; const MAXIMUM_PACKET_LEN: usize = MAXIMUM_PACKET_LEN_BASELINE + MAXIMUM_PACKET_LEN_HEADROOM; +// Keep post-decompression growth within the same packet-acceptance model as +// the transport read path. +pub(crate) const MAXIMUM_DECOMPRESSED_PACKET_LEN: usize = MAXIMUM_PACKET_LEN; #[cfg(feature = "_bench")] pub mod benchmark;
russh/src/client/mod.rs+107 −2 modified@@ -1666,7 +1666,9 @@ async fn reply<H: Handler>( #[cfg(test)] mod tests { - use std::collections::HashMap; + use std::collections::{HashMap, VecDeque}; + #[cfg(feature = "flate2")] + use std::io::Write; use std::num::Wrapping; use std::sync::Arc; @@ -1679,6 +1681,7 @@ mod tests { use crate::compression::{Compression, Decompress}; use crate::kex::{KEXES, NONE}; use crate::session::{CommonSession, Encrypted, EncryptedState, Exchange}; + use crate::sshbuffer::{IncomingSshPacket, PacketWriter, SSHBuffer}; use crate::{CryptoVec, cipher, mac}; struct TestHandler; @@ -1750,6 +1753,56 @@ mod tests { (session, sender, reply_receiver) } + #[cfg(feature = "flate2")] + fn authenticated_session() -> Session { + let config = Arc::new(Config::default()); + let (receiver_sender, receiver) = channel(config.channel_buffer_size); + let (reply_sender, _) = unbounded_channel(); + let mut session = Session::new( + config.window_size, + CommonSession { + auth_user: String::new(), + auth_attempts: 0, + auth_method: None, + remote_to_local: Box::new(cipher::clear::Key), + encrypted: Some(Encrypted { + state: EncryptedState::Authenticated, + exchange: Some(Exchange::default()), + kex: KEXES.get(&NONE).unwrap().make(), + key: 0, + client_mac: mac::NONE, + server_mac: mac::NONE, + session_id: CryptoVec::new(), + channels: HashMap::new(), + last_channel_id: Wrapping(0), + write: Vec::new(), + write_cursor: 0, + last_rekey: russh_util::time::Instant::now(), + server_compression: Compression::None, + client_compression: Compression::None, + decompress: Decompress::Zlib(flate2::Decompress::new(true)), + rekey_wanted: false, + received_extensions: Vec::new(), + extension_info_awaiters: HashMap::new(), + }), + config, + wants_reply: false, + disconnected: false, + buffer: Vec::new(), + strict_kex: false, + alive_timeouts: 0, + received_data: false, + remote_sshid: b"SSH-2.0-test".to_vec(), + packet_writer: PacketWriter::clear(), + }, + receiver, + reply_sender, + ); + session.open_global_requests = VecDeque::new(); + let _ = receiver_sender; + session + } + fn oversized_prompt_count_packet() -> Vec<u8> { let mut packet = Vec::new(); msg::USERAUTH_INFO_REQUEST_OR_USERAUTH_PK_OK @@ -1772,7 +1825,59 @@ mod tests { .expect_err("malformed prompt count must fail"); assert!(matches!(err, crate::Error::Inconsistent)); - assert!(replies.try_recv().is_err(), "malformed packet must not emit a reply"); + assert!( + replies.try_recv().is_err(), + "malformed packet must not emit a reply" + ); + } + + #[cfg(feature = "flate2")] + fn compressed_debug_payload(payload_len: usize) -> Vec<u8> { + let mut payload = vec![b'A'; payload_len]; + payload[0] = crate::msg::DEBUG; + + let mut encoder = flate2::write::ZlibEncoder::new(Vec::new(), flate2::Compression::best()); + encoder.write_all(&payload).unwrap(); + let compressed = encoder.finish().unwrap(); + assert!(compressed.len() < 256 * 1024); + compressed + } + + #[cfg(feature = "flate2")] + fn incoming_packet(compressed: Vec<u8>) -> SSHBuffer { + let mut buffer = SSHBuffer::new(); + buffer.buffer.extend_from_slice(&[0; 5]); + buffer.buffer.extend_from_slice(&compressed); + buffer + } + + #[cfg(feature = "flate2")] + #[tokio::test] + async fn compressed_debug_is_ignored_after_client_parses_it() { + let mut session = authenticated_session(); + let mut handler = TestHandler; + let mut kex_done_signal = None; + let buffer = incoming_packet(compressed_debug_payload(200 * 1024)); + let mut pkt: IncomingSshPacket = session.maybe_decompress(&buffer).unwrap(); + + super::reply(&mut session, &mut handler, &mut kex_done_signal, &mut pkt) + .await + .unwrap(); + + assert!(!session.common.disconnected); + } + + #[cfg(feature = "flate2")] + #[test] + fn oversized_compressed_debug_is_rejected_before_client_ignores_it() { + let mut session = authenticated_session(); + let oversized = crate::cipher::MAXIMUM_DECOMPRESSED_PACKET_LEN + 1024; + let buffer = incoming_packet(compressed_debug_payload(oversized)); + + let err = session.maybe_decompress(&buffer).unwrap_err(); + assert!( + matches!(err, crate::Error::PacketSize(len) if len > crate::cipher::MAXIMUM_DECOMPRESSED_PACKET_LEN) + ); } }
russh/src/compression.rs+78 −3 modified@@ -3,6 +3,9 @@ use std::convert::TryFrom; use delegate::delegate; use ssh_encoding::Encode; +#[cfg(feature = "flate2")] +use crate::cipher::MAXIMUM_DECOMPRESSED_PACKET_LEN; + #[derive(Debug, Clone)] pub enum Compression { None, @@ -166,6 +169,55 @@ impl Decompress { } } +#[cfg(all(test, feature = "flate2"))] +mod tests { + use std::io::Write; + + use flate2::write::ZlibEncoder; + + use super::*; + + #[test] + fn decompressed_packet_at_limit_is_accepted() { + let payload = vec![b'A'; MAXIMUM_DECOMPRESSED_PACKET_LEN]; + let mut encoder = ZlibEncoder::new(Vec::new(), flate2::Compression::best()); + encoder.write_all(&payload).unwrap(); + let compressed = encoder.finish().unwrap(); + + let mut decompressor = Decompress::Zlib(flate2::Decompress::new(true)); + let mut output = Vec::new(); + + let decompressed = decompressor.decompress(&compressed, &mut output).unwrap(); + assert_eq!(decompressed.len(), MAXIMUM_DECOMPRESSED_PACKET_LEN); + } + + #[test] + fn oversized_decompressed_packet_is_rejected() { + let payload = vec![b'A'; MAXIMUM_DECOMPRESSED_PACKET_LEN + 1024]; + let mut encoder = ZlibEncoder::new(Vec::new(), flate2::Compression::best()); + encoder.write_all(&payload).unwrap(); + let compressed = encoder.finish().unwrap(); + + let mut decompressor = Decompress::Zlib(flate2::Decompress::new(true)); + let mut output = Vec::new(); + + let err = decompressor.decompress(&compressed, &mut output).unwrap_err(); + assert!( + matches!(err, crate::Error::PacketSize(len) if len > MAXIMUM_DECOMPRESSED_PACKET_LEN) + ); + } + + #[test] + fn empty_compressed_packet_does_not_spin() { + let compressed = Vec::new(); + let mut decompressor = Decompress::Zlib(flate2::Decompress::new(true)); + let mut output = Vec::new(); + + let decompressed = decompressor.decompress(&compressed, &mut output).unwrap(); + assert!(decompressed.is_empty()); + } +} + #[cfg(feature = "flate2")] impl Compress { fn zlib_output_reserve_bound(input_len: usize) -> usize { @@ -257,21 +309,44 @@ impl Decompress { output.clear(); let n_in = z.total_in() as usize; let n_out = z.total_out() as usize; - output.resize(input.len(), 0); + let max_output_len = MAXIMUM_DECOMPRESSED_PACKET_LEN + .checked_add(1) + .ok_or(crate::Error::PacketSize(usize::MAX))?; + output.resize(input.len().clamp(1, max_output_len), 0); let flush = flate2::FlushDecompress::None; loop { let n_in_ = z.total_in() as usize - n_in; let n_out_ = z.total_out() as usize - n_out; #[allow(clippy::indexing_slicing)] // length checked let d = z.decompress(&input[n_in_..], &mut output[n_out_..], flush); match d? { - flate2::Status::Ok => { - output.resize(output.len() * 2, 0); + flate2::Status::Ok | flate2::Status::BufError => { + let consumed_all_input = n_in_ == input.len(); + let output_full = n_out_ == output.len(); + + if !output_full && consumed_all_input { + break; + } + + if output_full { + if output.len() == max_output_len { + break; + } + let next_len = output + .len() + .checked_mul(2) + .map(|len| len.min(max_output_len)) + .ok_or(crate::Error::PacketSize(usize::MAX))?; + output.resize(next_len, 0); + } } _ => break, } } let n_out_ = z.total_out() as usize - n_out; + if n_out_ > MAXIMUM_DECOMPRESSED_PACKET_LEN { + return Err(crate::Error::PacketSize(n_out_)); + } #[allow(clippy::indexing_slicing)] // length checked Ok(&output[..n_out_]) }
russh/src/server/session.rs+121 −0 modified@@ -1317,3 +1317,124 @@ impl Session { Ok(()) } } + +#[cfg(all(test, feature = "flate2"))] +mod tests { + use std::collections::{HashMap, VecDeque}; + use std::io::Write; + use std::num::Wrapping; + use std::sync::Arc; + + use super::*; + use crate::compression::{Compression, Decompress}; + use crate::kex::{KEXES, NONE, SessionKexState}; + use crate::session::{CommonSession, Encrypted, EncryptedState, Exchange}; + use crate::sshbuffer::{IncomingSshPacket, PacketWriter, SSHBuffer}; + use crate::{CryptoVec, cipher, mac}; + + struct TestHandler; + + impl crate::server::Handler for TestHandler { + type Error = crate::Error; + } + + fn authenticated_session() -> Session { + let config = Arc::new(crate::server::Config::default()); + let (sender, receiver) = tokio::sync::mpsc::channel(config.event_buffer_size); + let handle = Handle { + sender, + channel_buffer_size: config.channel_buffer_size, + }; + + Session { + common: CommonSession { + auth_user: String::new(), + remote_sshid: b"SSH-2.0-test".to_vec(), + config: config.clone(), + encrypted: Some(Encrypted { + state: EncryptedState::Authenticated, + exchange: Some(Exchange::default()), + kex: KEXES.get(&NONE).unwrap().make(), + key: 0, + client_mac: mac::NONE, + server_mac: mac::NONE, + session_id: CryptoVec::new(), + channels: HashMap::new(), + last_channel_id: Wrapping(0), + write: Vec::new(), + write_cursor: 0, + last_rekey: russh_util::time::Instant::now(), + server_compression: Compression::None, + client_compression: Compression::None, + decompress: Decompress::Zlib(flate2::Decompress::new(true)), + rekey_wanted: false, + received_extensions: Vec::new(), + extension_info_awaiters: HashMap::new(), + }), + auth_method: None, + auth_attempts: 0, + packet_writer: PacketWriter::clear(), + remote_to_local: Box::new(cipher::clear::Key), + wants_reply: false, + disconnected: false, + buffer: Vec::new(), + strict_kex: false, + alive_timeouts: 0, + received_data: false, + }, + sender: handle, + receiver, + target_window_size: config.window_size, + pending_reads: Vec::new(), + pending_len: 0, + channels: HashMap::new(), + open_global_requests: VecDeque::new(), + kex: SessionKexState::Idle, + } + } + + fn compressed_debug_payload(payload_len: usize) -> Vec<u8> { + let mut payload = vec![b'A'; payload_len]; + payload[0] = crate::msg::DEBUG; + + let mut encoder = flate2::write::ZlibEncoder::new(Vec::new(), flate2::Compression::best()); + encoder.write_all(&payload).unwrap(); + let compressed = encoder.finish().unwrap(); + assert!(compressed.len() < 256 * 1024); + compressed + } + + fn incoming_packet(compressed: Vec<u8>) -> SSHBuffer { + let mut buffer = SSHBuffer::new(); + buffer.buffer.extend_from_slice(&[0; 5]); + buffer.buffer.extend_from_slice(&compressed); + buffer + } + + #[tokio::test] + async fn compressed_debug_is_ignored_after_server_parses_it() { + let mut session = authenticated_session(); + let mut handler = TestHandler; + let buffer = incoming_packet(compressed_debug_payload(200 * 1024)); + let mut pkt: IncomingSshPacket = session.maybe_decompress(&buffer).unwrap(); + + super::super::reply(&mut session, &mut handler, &mut pkt) + .await + .unwrap(); + + assert!(!session.common.disconnected); + } + + #[test] + fn oversized_compressed_debug_is_rejected_before_server_ignores_it() { + let mut session = authenticated_session(); + let buffer = incoming_packet(compressed_debug_payload( + crate::cipher::MAXIMUM_DECOMPRESSED_PACKET_LEN + 1024, + )); + + let err = session.maybe_decompress(&buffer).unwrap_err(); + assert!( + matches!(err, crate::Error::PacketSize(len) if len > crate::cipher::MAXIMUM_DECOMPRESSED_PACKET_LEN) + ); + } +}
russh/src/tests.rs+32 −2 modified@@ -4,8 +4,11 @@ use futures::Future; use super::*; +#[cfg(feature = "flate2")] mod compress { + use std::borrow::Cow; use std::collections::HashMap; + use std::io::Write; use std::sync::{Arc, Mutex}; use keys::PrivateKeyWithHashAlg; @@ -14,15 +17,18 @@ mod compress { use super::server::{Server as _, Session}; use super::*; + use crate::cipher::MAXIMUM_DECOMPRESSED_PACKET_LEN; use crate::server::Msg; + const OVERSIZED_DEBUG_MESSAGE_LEN: usize = MAXIMUM_DECOMPRESSED_PACKET_LEN + 1024; + #[tokio::test] async fn compress_local_test() { let _ = env_logger::try_init(); let client_key = PrivateKey::random(&mut rand::rng(), ssh_key::Algorithm::Ed25519).unwrap(); let mut config = server::Config::default(); - config.preferred = Preferred::COMPRESSED; + config.preferred = preferred_zlib(); config.inactivity_timeout = None; // Some(std::time::Duration::from_secs(3)); config.auth_rejection_time = std::time::Duration::from_secs(3); config @@ -44,7 +50,7 @@ mod compress { }); let mut config = client::Config::default(); - config.preferred = Preferred::COMPRESSED; + config.preferred = preferred_zlib(); let config = Arc::new(config); let mut session = client::connect(config, addr, Client {}).await.unwrap(); @@ -73,6 +79,19 @@ mod compress { } } + #[test] + fn oversized_debug_payload_can_stay_below_wire_cap() { + let payload = vec![b'A'; OVERSIZED_DEBUG_MESSAGE_LEN]; + let mut encoder = flate2::write::ZlibEncoder::new(Vec::new(), flate2::Compression::best()); + encoder.write_all(&payload).unwrap(); + let compressed = encoder.finish().unwrap(); + + assert!( + compressed.len() < 256 * 1024, + "attacker-crafted compressed payload should stay below the normal SSH wire cap" + ); + } + #[derive(Clone)] struct Server { clients: Arc<Mutex<HashMap<(usize, ChannelId), super::server::Handle>>>, @@ -135,6 +154,17 @@ mod compress { Ok(true) } } + + fn preferred_zlib() -> Preferred { + Preferred { + compression: Cow::Borrowed(&[ + crate::compression::ZLIB, + crate::compression::ZLIB_LEGACY, + crate::compression::NONE, + ]), + ..Preferred::DEFAULT + } + } } mod channels {
1 file changed · +1 −1
russh/Cargo.toml+1 −1 modified@@ -9,7 +9,7 @@ license = "Apache-2.0" name = "russh" readme = "../README.md" repository = "https://github.com/warp-tech/russh" -version = "0.60.1" +version = "0.60.2" rust-version = "1.85" [features]
Vulnerability mechanics
Root cause
"Missing post-decompression size ceiling in `Decompress::decompress()` allows a small compressed SSH packet to inflate into an oversized packet after decompression."
Attack vector
A remote attacker connects to a `russh` server that advertises `zlib`/`zlib@openssh.com` and negotiates compression during key exchange by sending a `KEXINIT` with `zlib` preferred [ref_id=1]. After `NEWKEYS`, before authentication, the attacker sends a compressed `SSH_MSG_DEBUG` packet whose on-wire size is below the 256 KiB transport cap but whose decompressed payload exceeds 128 MiB [ref_id=2]. The server inflates the packet without a post-decompression bound, causing resource exhaustion or disconnection. No authentication is required.
Affected code
The bug is in `russh/src/compression.rs` where `Decompress::decompress()` grew its output buffer by repeated doubling without enforcing a post-decompression ceiling. The receive path in `russh/src/client/mod.rs` and `russh/src/server/session.rs` calls this decompressor. The fix introduces `MAXIMUM_DECOMPRESSED_PACKET_LEN` in `russh/src/cipher/mod.rs` and caps decompression output inside `Decompress::decompress()` [patch_id=3106499].
What the fix does
The patch adds `MAXIMUM_DECOMPRESSED_PACKET_LEN` (set equal to the existing `MAXIMUM_PACKET_LEN`) in `russh/src/cipher/mod.rs` [patch_id=3106499]. In `russh/src/compression.rs`, the `Decompress::decompress()` method now caps the output buffer growth at that ceiling and returns `Error::PacketSize` if the decompressed length exceeds it. This mirrors OpenSSH's approach of having an explicit post-decompression bound rather than relying solely on the on-wire transport packet cap.
Preconditions
- configCompression must be negotiated; the default server advertises zlib and the attacker can prefer it in KEXINIT
- authAttacker must complete SSH key exchange and send NEWKEYS
- inputAttacker sends a compressed packet whose on-wire size is below 256 KiB but decompressed size exceeds 128 MiB
- networkReachable remotely over the SSH transport layer
Generated on May 29, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2News mentions
0No linked articles in our index yet.