GHSA-HPV4-5H6F-WQR3 russh server userauth state is not reset when authentication principal changes

Summary The russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user name and service name fields to change between authentication requests. The issue is not that...

russh server userauth state is not reset when authentication principal changes

Summary The russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user name and service name fields to change between authentication requests. The issue is not that...

GHSA-WWX6-X28X-8259 russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets

Summary When SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected. In...

russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets

Summary When SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected. In...

PT-2026-45018

Summary The russh server authentication path keeps internal userauth state across SSH MSG USERAUTH REQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user name and service name fields to change between authentication requests. The issue is not...

PT-2026-45017

Summary When SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected. In...

CVE-2026-46702

creationtimestamp| type| source ---|---|--- 2026-05-23 07:53:38+00:00| published-proof-of-concept| https://github.com/Eugeny/russh/security/advisories/GHSA-wwx6-x28x-8259...

Russh: Unchecked CryptoVec allocation and growth handling is reachable

Title Unchecked CryptoVec allocation and growth handling was reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases Summary CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths...

GHSA-G9F8-WQJ9-FJW5 Russh: Unchecked CryptoVec allocation and growth handling is reachable

Title Unchecked CryptoVec allocation and growth handling was reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases Summary CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths...

PT-2026-42625

Title Unchecked CryptoVec allocation and growth handling was reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases Summary CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths...

CVE-2026-46705

creationtimestamp| type| source ---|---|--- 2026-05-20 22:48:47+00:00| published-proof-of-concept| https://github.com/Eugeny/russh/security/advisories/GHSA-hpv4-5h6f-wqr3...

Unchecked `CryptoVec` allocation and growth handling

CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In affected russh releases, attacker-controlled input could reach these code paths through buffer resizing operations. Two affected reachability paths were identified: Current russh...

RUSTSEC-2026-0153 Unchecked `CryptoVec` allocation and growth handling

CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In affected russh releases, attacker-controlled input could reach these code paths through buffer resizing operations. Two affected reachability paths were identified: Current russh...

CVE-2026-42189

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

CVE-2026-42189

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

CVE-2026-42189

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

CVE-2026-42189

CVE-2026-42189 affects the Russh Rust SSH library. A pre-authentication denial-of-service exists in the server keyboard-interactive authentication path: an attacker can trigger an OOM crash by sending a crafted USERAUTH_INFO_RESPONSE with a large n, causing the server to allocate memory for a mas...

CVE-2026-42189 Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

EUVD-2026-28822

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

CVE-2026-42189 Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...