CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

112 matches found

EUVD•added 2026/06/11 8:28 p.m.•8 views

EUVD-2026-36129

Russh: Unchecked keyboard-interactive prompt count in client auth path...

6.5CVSS5.4AI score0.00232EPSS

Exploits0References2

OSV•added 2026/06/11 8:28 p.m.•5 views

GHSA-G9G7-5CGW-6V28 Russh: Unchecked keyboard-interactive prompt count in client auth path

Summary In the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count directly in Vec::withcapacity... before validating that enough prompt data was actually...

6.5CVSS5.6AI score0.00232EPSS

Exploits0References3

Github Security Blog•added 2026/06/11 8:28 p.m.•8 views

Russh: Unchecked keyboard-interactive prompt count in client auth path

6.5CVSS5.6AI score0.00232EPSS

Exploits0References3Affected Software1

Tenable Nessus•added 2026/06/11 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-42189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of- service vulnerability exists in the server's...

7.5CVSS5.6AI score0.00481EPSS

Exploits1References2

NVD•added 2026/06/10 10:17 p.m.•21 views

CVE-2026-48107

Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...

6.5CVSS0.00232EPSS

Exploits0References1

OSV•added 2026/06/10 10:17 p.m.•3 views

DEBIAN-CVE-2026-48107

6.5CVSS5.4AI score0.00232EPSS

Exploits0References1

Cvelist•added 2026/06/10 8:23 p.m.•28 views

CVE-2026-48107 Russh: Unchecked keyboard-interactive prompt count in client auth path

6.5CVSS0.00232EPSS

Exploits0References1

CVE•added 2026/06/10 8:23 p.m.•12 views

CVE-2026-48107

Russh (Rust SSH client/server) is affected in versions 0.37.0–0.60.x where the client’s keyboard-interactive auth path accepts an attacker-controlled prompt count via USERAUTH_INFO_REQUEST. The code uses the raw count directly in Vec::with_capacity(...) before verifying sufficient prompt data, en...

6.5CVSS5.4AI score0.00232EPSS

Exploits0References1

Vulnrichment•added 2026/06/10 8:23 p.m.•8 views

CVE-2026-48107 Russh: Unchecked keyboard-interactive prompt count in client auth path

6.5CVSS5.4AI score0.00232EPSS

Exploits0References1

Positive Technologies•added 2026/06/10 12:0 a.m.•10 views

PT-2026-48545

Name of the Vulnerable Software and Affected Versions russh versions 0.37.0 through 0.60.2 Description In the keyboard-interactive authentication path of the client, a malicious SSH server can send a USERAUTH INFO REQUEST containing an attacker-controlled prompt count. The client uses this raw...

6.5CVSS5.3AI score0.00232EPSS

Exploits0References5

RedhatCVE•added 2026/05/11 8:25 p.m.•13 views

CVE-2026-42189

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS5.7AI score0.00481EPSS

Exploits1References1

NVD•added 2026/05/08 8:16 p.m.•23 views

CVE-2026-42189

7.5CVSS0.00481EPSS

Exploits1References3

OSV•added 2026/05/08 8:16 p.m.•3 views

DEBIAN-CVE-2026-42189

7.5CVSS5.4AI score0.00481EPSS

Exploits1References1

Vulnrichment•added 2026/05/08 7:49 p.m.•6 views

CVE-2026-42189 Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth

7.5CVSS5.8AI score0.00481EPSS

Exploits1References3

EUVD•added 2026/05/08 7:49 p.m.•25 views

EUVD-2026-28822

7.5CVSS5.8AI score0.00481EPSS

Exploits1References3

CVE•added 2026/05/08 7:49 p.m.•21 views

CVE-2026-42189

CVE-2026-42189 affects the Russh Rust SSH library. A pre-authentication denial-of-service exists in the server keyboard-interactive authentication path: an attacker can trigger an OOM crash by sending a crafted USERAUTH_INFO_RESPONSE with a large n, causing the server to allocate memory for a mas...

7.5CVSS5.8AI score0.00481EPSS

Exploits1References3Affected Software2

Cvelist•added 2026/05/08 7:49 p.m.•51 views

CVE-2026-42189 Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth

7.5CVSS0.00481EPSS

Exploits1References3

Debian CVE•added 2026/05/08 7:49 p.m.•4 views

CVE-2026-42189

7.5CVSS5.4AI score0.00481EPSS

Exploits1

ATTACKERKB•added 2026/05/08 7:49 p.m.•6 views

CVE-2026-42189

7.5CVSS5.8AI score0.00481EPSS

Exploits1References4Affected Software1

CNNVD•added 2026/05/08 12:0 a.m.•6 views

Russh 安全漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. Versions of Russh prior to 0.60.1 contained security vulnerabilities. These vulnerabilities stemmed from a pre-authentication denial-of-service vulnerability in the server’s keyboard interaction authenticatio...

7.5CVSS5.8AI score0.00481EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by