Lucene search
K

11 matches found

Github Security Blog
Github Security Blog
added 2026/06/11 8:28 p.m.8 views

Russh: Unchecked keyboard-interactive prompt count in client auth path

Summary In the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count directly in Vec::withcapacity... before validating that enough prompt data was actually...

6.5CVSS5.6AI score0.00232EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/11 8:28 p.m.5 views

GHSA-G9G7-5CGW-6V28 Russh: Unchecked keyboard-interactive prompt count in client auth path

Summary In the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count directly in Vec::withcapacity... before validating that enough prompt data was actually...

6.5CVSS5.6AI score0.00232EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 8:28 p.m.8 views

EUVD-2026-36129

Russh: Unchecked keyboard-interactive prompt count in client auth path...

6.5CVSS5.4AI score0.00232EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-48107

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a...

6.5CVSS5.4AI score0.00232EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 10:17 p.m.3 views

DEBIAN-CVE-2026-48107

Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...

6.5CVSS5.4AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.22 views

CVE-2026-48107

Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...

6.5CVSS0.00232EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 8:23 p.m.28 views

CVE-2026-48107 Russh: Unchecked keyboard-interactive prompt count in client auth path

Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...

6.5CVSS0.00232EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/10 8:23 p.m.6 views

CVE-2026-48107

Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...

6.5CVSS5.4AI score0.00232EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/10 8:23 p.m.8 views

CVE-2026-48107 Russh: Unchecked keyboard-interactive prompt count in client auth path

Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...

6.5CVSS5.4AI score0.00232EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 8:23 p.m.17 views

CVE-2026-48107

Russh (Rust SSH client/server) is affected in versions 0.37.0–0.60.x where the client’s keyboard-interactive auth path accepts an attacker-controlled prompt count via USERAUTH_INFO_REQUEST. The code uses the raw count directly in Vec::with_capacity(...) before verifying sufficient prompt data, en...

6.5CVSS5.4AI score0.00232EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48545

Name of the Vulnerable Software and Affected Versions russh versions 0.37.0 through 0.60.2 Description In the keyboard-interactive authentication path of the client, a malicious SSH server can send a USERAUTH INFO REQUEST containing an attacker-controlled prompt count. The client uses this raw...

6.5CVSS5.3AI score0.00232EPSS
Exploits0References5
Rows per page
Query Builder