11 matches found
Russh: Unchecked keyboard-interactive prompt count in client auth path
Summary In the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count directly in Vec::withcapacity... before validating that enough prompt data was actually...
GHSA-G9G7-5CGW-6V28 Russh: Unchecked keyboard-interactive prompt count in client auth path
Summary In the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count directly in Vec::withcapacity... before validating that enough prompt data was actually...
EUVD-2026-36129
Russh: Unchecked keyboard-interactive prompt count in client auth path...
Linux Distros Unpatched Vulnerability : CVE-2026-48107
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a...
DEBIAN-CVE-2026-48107
Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...
CVE-2026-48107
Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...
CVE-2026-48107 Russh: Unchecked keyboard-interactive prompt count in client auth path
Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...
CVE-2026-48107
Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...
CVE-2026-48107 Russh: Unchecked keyboard-interactive prompt count in client auth path
Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...
CVE-2026-48107
Russh (Rust SSH client/server) is affected in versions 0.37.0–0.60.x where the client’s keyboard-interactive auth path accepts an attacker-controlled prompt count via USERAUTH_INFO_REQUEST. The code uses the raw count directly in Vec::with_capacity(...) before verifying sufficient prompt data, en...
PT-2026-48545
Name of the Vulnerable Software and Affected Versions russh versions 0.37.0 through 0.60.2 Description In the keyboard-interactive authentication path of the client, a malicious SSH server can send a USERAUTH INFO REQUEST containing an attacker-controlled prompt count. The client uses this raw...