CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

NVD•added 2026/06/10 10:17 p.m.•10 views

CVE-2026-46673

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

7.5CVSS0.00263EPSS

Exploits0References1

OSV•added 2026/06/10 10:17 p.m.•5 views

DEBIAN-CVE-2026-46673

7.5CVSS5.6AI score0.00263EPSS

Exploits0References1

OSV•added 2026/06/10 10:17 p.m.•5 views

DEBIAN-CVE-2026-46702

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

7.5CVSS5.5AI score0.00268EPSS

Exploits0References1

Vulnrichment•added 2026/06/10 8:16 p.m.•6 views

CVE-2026-46673 Russh: Unchecked CryptoVec allocation and growth handling is reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases

7.5CVSS5.6AI score0.00263EPSS

Exploits0References1

Cvelist•added 2026/06/10 8:16 p.m.•29 views

CVE-2026-46673 Russh: Unchecked CryptoVec allocation and growth handling is reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases

7.5CVSS0.00263EPSS

Exploits0References1

CVE•added 2026/06/10 8:16 p.m.•18 views

CVE-2026-46673

Summary of the vulnerability (CVE-2026-46673) : In Russh (Rust SSH client/server), CryptoVec allocations and growth were unchecked in vulnerable releases. Prior to 0.60.3, local agent inputs could feed attacker-controlled frame lengths into buffer growth before validation; in historical releases ...

7.5CVSS5.6AI score0.00263EPSS

Exploits0References1

EUVD•added 2026/06/10 8:16 p.m.•8 views

EUVD-2026-36124

7.5CVSS5.6AI score0.00263EPSS

Exploits0References1

CNNVD•added 2026/06/10 12:0 a.m.•9 views

Russh 安全漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. Versions of Russh prior to 0.60.3 contained security vulnerabilities. These vulnerabilities stemmed from CryptoVec’s use of unchecked capacity growth and unchecked length arithmetic, which could lead to buffe...

7.5CVSS5.6AI score0.00263EPSS

Exploits0References1

OSV•added 2026/05/21 8:49 p.m.•5 views

GHSA-G9F8-WQJ9-FJW5 Russh: Unchecked CryptoVec allocation and growth handling is reachable

Title Unchecked CryptoVec allocation and growth handling was reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases Summary CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths...

7.5CVSS5.9AI score0.00263EPSS

Exploits0References5

Github Security Blog•added 2026/05/21 8:49 p.m.•16 views

Russh: Unchecked CryptoVec allocation and growth handling is reachable

7.5CVSS5.9AI score0.00263EPSS

Exploits0References5Affected Software2

Positive Technologies•added 2026/05/21 12:0 a.m.•6 views

PT-2026-42625

7.5CVSS5.9AI score

Exploits0References3

OSV•added 2026/05/15 12:0 p.m.•8 views

RUSTSEC-2026-0153 Unchecked `CryptoVec` allocation and growth handling

CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In affected russh releases, attacker-controlled input could reach these code paths through buffer resizing operations. Two affected reachability paths were identified: Current russh...

7.5CVSS6.2AI score0.00263EPSS

Exploits0References4

RustSec•added 2026/05/15 12:0 p.m.•13 views

Unchecked `CryptoVec` allocation and growth handling

7.5CVSS6.2AI score0.00263EPSS

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by