2 matches found
EUVD-2026-36131
Russh SSH message fields were decoded through allocation-first parsers before field-specific bounds...
DEBIAN-CVE-2026-48110
Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer could se...