CVE-2026-46702

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

CVE-2026-46702 Russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

CVE-2026-46702

Russh contains a post-decompression packet size bound vulnerability: when SSH compression is enabled, compressed payloads could inflate to oversized decompressed data, bypassing on-wire packet checks. This allowed remote DoS by sending small compressed packets that decompress beyond limits. Affec...

CVE-2026-46702 Russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

EUVD-2026-36125

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

GHSA-WWX6-X28X-8259 russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets

Summary When SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected. In...

russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets

Summary When SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected. In...

PT-2026-45017

Name of the Vulnerable Software and Affected Versions russh versions 0.34.0 through 0.61.0 Description When SSH compression is enabled, the software accepts compressed packets that pass initial transport packet-length checks but expand to a much larger size upon decompression. This occurs because...

The vulnerability of the netem component in the Linux operating system’s kernel allows a hacker to gain elevated privileges within the system.

The vulnerability of the netem component in the Linux operating system’s kernel is related to errors that occur after decompression. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...