Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/08/05 6:41 a.m.11 views

CVE-2025-54804

A flaw was found in russh. The SSH channel window adjust message processing incorrectly handles input, leading to an integer overflow. A remote attacker can trigger this overflow by sending a maliciously crafted SSH channel window adjust message. This integer overflow can result in an application...

6.5CVSS6.5AI score0.00386EPSS
Exploits1References5
Circl
Circl
added 2025/08/05 3:53 a.m.8 views

CVE-2025-54804

creationtimestamp| type| source ---|---|--- 2025-08-05 03:53:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lvmsq235xg2s...

6.5CVSS7.3AI score0.00386EPSS
Exploits1References1
CVE
CVE
added 2025/08/05 12:5 a.m.40 views

CVE-2025-54804

Russh is a Rust SSH client/server library. In versions ≤0.54.0, CHANNEL_WINDOW_ADJUST handling computes recipient_window_size from the decoded value without proper overflow checks, causing an integer overflow that can crash the server. The issue is fixed in version 0.54.1. Attacker impact is serv...

6.5CVSS7AI score0.00386EPSS
Exploits1References2Affected Software2
Vulnrichment
Vulnrichment
added 2025/08/05 12:5 a.m.4 views

CVE-2025-54804 Russh is missing an overflow check during channel windows adjust

Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an...

6.5CVSS6.7AI score0.00386EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/08/05 12:5 a.m.12 views

CVE-2025-54804 Russh is missing an overflow check during channel windows adjust

Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an...

6.5CVSS0.00386EPSS
Exploits1References2
OSV
OSV
added 2025/08/05 12:5 a.m.6 views

CVE-2025-54804 Russh is missing an overflow check during channel windows adjust

Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an...

6.5CVSS7.3AI score0.00386EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2025/08/05 12:5 a.m.7 views

CVE-2025-54804

Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an...

6.5CVSS5.9AI score0.00386EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/08/04 8:28 p.m.4 views

async-ssh2-tokio (>=0.2.0 <=0.8.11), dev-tunnels (=0.1.0) +6 more potentially affected by CVE-2025-54804 via russh (>=0.34.0 <=0.43.0)

russh CARGO version =0.34.0, =0.2.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.4.1 - sshrpc =0.1.0 - tunnels =0.1.0 Source cves: CVE-2025-54804 Source advisory: OSV:GHSA-H5RC-J5F5-3GCM...

6.5CVSS5.4AI score0.00386EPSS
Exploits1
Rows per page
Query Builder