8 matches found
CVE-2025-54804
A flaw was found in russh. The SSH channel window adjust message processing incorrectly handles input, leading to an integer overflow. A remote attacker can trigger this overflow by sending a maliciously crafted SSH channel window adjust message. This integer overflow can result in an application...
CVE-2025-54804
creationtimestamp| type| source ---|---|--- 2025-08-05 03:53:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lvmsq235xg2s...
CVE-2025-54804
Russh is a Rust SSH client/server library. In versions ≤0.54.0, CHANNEL_WINDOW_ADJUST handling computes recipient_window_size from the decoded value without proper overflow checks, causing an integer overflow that can crash the server. The issue is fixed in version 0.54.1. Attacker impact is serv...
CVE-2025-54804 Russh is missing an overflow check during channel windows adjust
Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an...
CVE-2025-54804 Russh is missing an overflow check during channel windows adjust
Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an...
CVE-2025-54804 Russh is missing an overflow check during channel windows adjust
Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an...
CVE-2025-54804
Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an...
async-ssh2-tokio (>=0.2.0 <=0.8.11), dev-tunnels (=0.1.0) +6 more potentially affected by CVE-2025-54804 via russh (>=0.34.0 <=0.43.0)
russh CARGO version =0.34.0, =0.2.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.4.1 - sshrpc =0.1.0 - tunnels =0.1.0 Source cves: CVE-2025-54804 Source advisory: OSV:GHSA-H5RC-J5F5-3GCM...