Lucene search
K

4 matches found

NVD
NVD
added 2026/06/10 10:17 p.m.11 views

CVE-2026-48108

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing...

5.3CVSS0.00277EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 8:24 p.m.18 views

CVE-2026-48108

Russh (Rust SSH client/server library) prior to 0.61.0 allowed non-canonical client identification and did not bound pre-banner input on the server side, enabling malformed pre-auth identification to potentially exhaust connection resources. The issue affects versions 0.34.0-beta.1 through before...

5.3CVSS5.5AI score0.00277EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 8:24 p.m.8 views

CVE-2026-48108 Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing...

5.3CVSS5.5AI score0.00277EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.12 views

PT-2026-48546

Name of the Vulnerable Software and Affected Versions russh versions 0.34.0-beta.1 through 0.60.0 Description russh did not strictly enforce SSH identification-string rules. The server-side identification reader used a permissive path that allowed clients to send pre-banner lines and did not...

5.3CVSS5.6AI score0.00277EPSS
Exploits0References5
Rows per page
Query Builder