VYPR

Russh

by Eugeny

cargo: russh

Source repositories

CVEs (8)

  • CVE-2026-48110HigJun 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote…

  • CVE-2026-46702HigJun 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This…

  • CVE-2026-46673HigJun 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths…

  • CVE-2024-43410HigAug 21, 2024
    risk 0.42cvss 7.5epss 0.01

    Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting…

  • CVE-2026-48107MedJun 10, 2026
    risk 0.35cvss 6.5epss 0.00

    Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_INFO_REQUEST with an attacker-controlled prompt count, and the client would use…

  • CVE-2025-54804MedAug 5, 2025
    risk 0.35cvss 6.5epss 0.00

    Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and…

  • CVE-2026-48108MedJun 10, 2026
    risk 0.27cvss 5.3epss 0.00

    Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the…

  • CVE-2026-46705MedJun 10, 2026
    risk 0.27cvss 5.3epss 0.00

    Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSH_MSG_USERAUTH_REQUEST messages without separating that state when the request principal changes. RFC…