CVE-2026-46673 Russh: Unchecked CryptoVec allocation and growth handling is reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

CVE-2026-46673 vulnerabilities

Vulnerabilities for packages: yazi...

async-ssh2-tokio (>=0.2.0 <=0.8.11), dev-tunnels (=0.1.0) +6 more potentially affected by CVE-2026-46673 via russh (>=0.34.0 <=0.43.0)

russh CARGO version =0.34.0, =0.2.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.4.1 - sshrpc =0.1.0 - tunnels =0.1.0 Source cves: CVE-2026-46673 Source advisory: OSV:RUSTSEC-2026-0154...

PT-2026-41729

Name of the Vulnerable Software and Affected Versions russh versions prior to 0.58.0 russh versions 0.60.x Description An issue exists in the CryptoVec component involving unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In versions prior to 0.58.0,...

Siemens SCALANCE and RUGGEDCOM Devices Double Free (CVE-2024-46673)

scsi: aacraid: Fix double-free on probe failure. aacprobeone calls hardware-specific init functions through the aacdriverident::init pointer, all of which eventually call down to aacinitadapter. If aacinitadapter fails after allocating memory for aacdev::queues, it frees the memory but does not...

CVE-2024-46673

creationtimestamp| type| source ---|---|--- 2025-08-14 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07...

CVE-2025-46673

NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol SDLS...

CVE-2025-46673

NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol SDLS...

Linux Distros Unpatched Vulnerability : CVE-2024-46673

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: aacraid: Fix double-free on probe failure aacprobeone calls hardware-specific init functions through the aacdriverident::init pointer, all of which...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46673)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46673 advisory. - In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe...

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2025-1057)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : KVM: nSVM: Ignore nCR34:0 when loading PDPTEs from memoryCVE-2024-50115 tcp/dccp: Don't use timerpending in reqskqueueunlink.CVE-2024-50154 bpf: F...

Ubuntu: Security Advisory (USN-7100-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: kernel-livepatch-5.10.223-211.872

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe failure CVE-2024-46673 Affected Packages: kernel-livepatch-5.10.223-211.872 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Important: kernel-livepatch-5.10.224-212.876

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe failure CVE-2024-46673 Affected Packages: kernel-livepatch-5.10.224-212.876 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Ubuntu: Security Advisory (USN-7069-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-7069-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-46673 affecting package kernel for versions less than 6.6.51.1-1

CVE-2024-46673 affecting package kernel for versions less than 6.6.51.1-1. An upgraded version of the package is available that resolves this issue...

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-7069-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7069-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-46673)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46673 advisory. - In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe...

CVE-2024-46673 affecting package kernel for versions less than 5.15.167.1-1

CVE-2024-46673 affecting package kernel for versions less than 5.15.167.1-1. An upgraded version of the package is available that resolves this issue...