Lucene search

4 matches found

CVE
added 2023/12/18 4:15 p.m. | 3901 views

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connecti...

CVSS 5.9 | AI score 6.7 | EPSS 0.74635
CVE
added 2023/03/16 9:15 p.m. | 70 views

CVE-2023-28113

russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those of...

CVSS 5.9 | AI score 5.5 | EPSS 0.00095
CVE
added 2024/08/21 4:15 p.m. | 46 views

CVE-2024-43410

Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, rus...

CVSS 7.5 | AI score 7.5 | EPSS 0.00104
CVE
added 2025/08/05 1:15 a.m. | 7 views

CVE-2025-54804

Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an intern...

CVSS 6.5 | AI score 7 | EPSS 0.00047