Lucene search
+L

142 matches found

CVE
CVE
added 2026/06/10 8:21 p.m.29 views

CVE-2026-46705

The vulnerability CVE-2026-46705 affects russh (Rust SSH client/server) versions 0.34.0-beta.1 through before 0.61.0. The server’s authentication path retained russh-owned state (e.g., remaining methods, partial_success, and in-progress state) across SSH_MSG_USERAUTH_REQUEST messages when the use...

5.3CVSS5.4AI score0.00218EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 8:21 p.m.9 views

CVE-2026-46705 russh server userauth state is not reset when authentication principal changes

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...

5.3CVSS5.4AI score0.00218EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 8:21 p.m.32 views

CVE-2026-46705 russh server userauth state is not reset when authentication principal changes

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...

5.3CVSS0.00218EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 8:21 p.m.2 views

CVE-2026-46705 russh server userauth state is not reset when authentication principal changes

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...

5.3CVSS5.9AI score0.00218EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/10 8:19 p.m.10 views

CVE-2026-46702

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

7.5CVSS5.5AI score0.00268EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/10 8:19 p.m.9 views

CVE-2026-46702 Russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

7.5CVSS5.5AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 8:19 p.m.12 views

EUVD-2026-36125

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

7.5CVSS5.5AI score0.00268EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 8:19 p.m.33 views

CVE-2026-46702 Russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

7.5CVSS0.00268EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 8:19 p.m.2 views

CVE-2026-46702 Russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

7.5CVSS6AI score0.00268EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/10 8:16 p.m.15 views

CVE-2026-46673

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

7.5CVSS5.7AI score0.00263EPSS
Exploits0
EUVD
EUVD
added 2026/06/10 8:16 p.m.10 views

EUVD-2026-36124

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 8:16 p.m.32 views

CVE-2026-46673 Russh: Unchecked CryptoVec allocation and growth handling is reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

7.5CVSS0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 8:16 p.m.24 views

CVE-2026-46673

Summary of the vulnerability (CVE-2026-46673) : In Russh (Rust SSH client/server), CryptoVec allocations and growth were unchecked in vulnerable releases. Prior to 0.60.3, local agent inputs could feed attacker-controlled frame lengths into buffer growth before validation; in historical releases ...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 8:16 p.m.3 views

CVE-2026-46673 Russh: Unchecked CryptoVec allocation and growth handling is reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

7.5CVSS6.1AI score0.00263EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Russh 输入验证错误漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. In versions of Russh from 0.34.0 to 0.61.0, there was an input validation vulnerability. This vulnerability stemmed from multiple message processors decoding attacker-controlled SSH strings, name lists, and...

7.5CVSS5.4AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.22 views

Russh 授权问题漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. In versions of Russh from 0.34.0-beta.1 to 0.61.0, there was an authorization vulnerability. This vulnerability stemmed from the server authentication path not separating the internal authentication state whe...

5.3CVSS5.3AI score0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48546

Name of the Vulnerable Software and Affected Versions russh versions 0.34.0-beta.1 through 0.60.0 Description russh did not strictly enforce SSH identification-string rules. The server-side identification reader used a permissive path that allowed clients to send pre-banner lines and did not...

5.3CVSS5.6AI score0.00277EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Russh 输入验证错误漏洞

Russh is a Rust SSH client and server library developed by Eugene as an individual contributor. In versions of Russh from 0.37.0 to 0.61.0, there was a vulnerability related to input validation errors. This vulnerability stemmed from the keyboard interaction authentication process, where a...

6.5CVSS5.4AI score0.00232EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Russh 安全漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. Versions of Russh from 0.34.0 to 0.61.1 contained security vulnerabilities. These vulnerabilities stemmed from the acceptance of overly large compressed data packets when SSH compression was enabled, which...

7.5CVSS5.4AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

Russh 安全漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. Versions of Russh prior to 0.60.3 contained security vulnerabilities. These vulnerabilities stemmed from CryptoVec’s use of unchecked capacity growth and unchecked length arithmetic, which could lead to buffe...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References1
Rows per page
Query Builder