Lucene search
K

142 matches found

EUVD
EUVD
added 2026/06/11 8:33 p.m.13 views

EUVD-2026-36131

Russh SSH message fields were decoded through allocation-first parsers before field-specific bounds...

7.5CVSS5.4AI score0.00268EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 8:33 p.m.7 views

GHSA-4R3C-5HPG-58QR Russh SSH message fields were decoded through allocation-first parsers before field-specific bounds

SSH message fields were decoded through allocation-first parsers before field-specific bounds Summary Several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH pe...

7.5CVSS6AI score0.00268EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/11 8:29 p.m.11 views

EUVD-2026-36130

Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input...

5.3CVSS5.4AI score0.00277EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 8:29 p.m.8 views

GHSA-76R6-X97P-67VR Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input

Summary russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing pre-banner lines from clients, and the reader did not enforce a bounded number of pre-banner...

5.3CVSS5.7AI score0.00277EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/11 8:28 p.m.10 views

Russh: Unchecked keyboard-interactive prompt count in client auth path

Summary In the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count directly in Vec::withcapacity... before validating that enough prompt data was actually...

6.5CVSS5.6AI score0.00232EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/11 8:28 p.m.10 views

EUVD-2026-36129

Russh: Unchecked keyboard-interactive prompt count in client auth path...

6.5CVSS5.4AI score0.00232EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 8:28 p.m.6 views

GHSA-G9G7-5CGW-6V28 Russh: Unchecked keyboard-interactive prompt count in client auth path

Summary In the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count directly in Vec::withcapacity... before validating that enough prompt data was actually...

6.5CVSS5.6AI score0.00232EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-48108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as...

5.3CVSS5.6AI score0.00277EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-46705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth...

5.3CVSS5.6AI score0.00218EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-48110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded...

7.5CVSS5.6AI score0.00268EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-46673

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe...

7.5CVSS5.7AI score0.00263EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-46702

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets...

7.5CVSS5.5AI score0.00268EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-48107

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a...

6.5CVSS5.4AI score0.00232EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-42189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of- service vulnerability exists in the server's...

7.5CVSS5.6AI score0.00481EPSS
Exploits1References2
NVD
NVD
added 2026/06/10 10:17 p.m.16 views

CVE-2026-48108

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing...

5.3CVSS0.00277EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.14 views

CVE-2026-48110

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer could se...

7.5CVSS0.00268EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 10:17 p.m.7 views

DEBIAN-CVE-2026-48108

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing...

5.3CVSS5.5AI score0.00277EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 10:17 p.m.6 views

DEBIAN-CVE-2026-48110

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer could se...

7.5CVSS5.5AI score0.00268EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.14 views

CVE-2026-46673

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

7.5CVSS0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.11 views

CVE-2026-46702

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

7.5CVSS0.00268EPSS
Exploits0References1
Rows per page
Query Builder