2 matches found
CVE-2024-43410 Russh has an OOM Denial of Service due to allocation of untrusted amount
Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length,...
CVE-2024-43410
CVE-2024-43410 (Russh) : The russh Rust SSH library is vulnerable to an OOM DoS caused by allocating memory based on an untrusted 4-byte packet length. An unauthenticated client can set this length to any value, triggering large allocations before authentication and potentially exhausting the ser...