3 matches found
GHSA-WWX6-X28X-8259 russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets
Summary When SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected. In...
CVE-2024-8508
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression ...
CVE-2013-4421
The bufdecompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service memory consumption via a compressed packet that has a large size when it is decompressed...