4 matches found
CVE-2023-28113
russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...
CVE-2023-28113 russh may use insecure Diffie-Hellman keys
russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...
CVE-2023-28113 russh may use insecure Diffie-Hellman keys
russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...
CVE-2023-28113
Summary: The CVE-2023-28113 issue affects russh, a Rust SSH client/server library. The root cause is insufficient validation of Diffie-Hellman (DH) keys, allowing certain invalid DH public values (e, e