142 matches found
russh 数据伪造问题漏洞
russh is a Rust SSH client and server-side library. A data forgery issue vulnerability exists in russh versions 0.34.0 and 0.36.1, which stems from insufficient Diffie-Hellman key validation, which can lead to information disclosure and compromise confidentiality...
CVE-2023-28113 russh may use insecure Diffie-Hellman keys
russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...