MidnightBSD

Advisories for russh_project

CVE-2023-28113

russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those of a russh peer with some other misbehaving peer are most likely to be problematic. These may vulnerable to eavesdropping. Most other implementations reject such keys, so this is mainly an interoperability issue in such a case. This issue is fixed in versions 0.36.2 and 0.37.1

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
russh_project russh *
russh_project russh 0.37.0
CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 38
filezilla-project filezilla_client *
redhat ceph_storage 6.0
putty putty *
tinyssh tinyssh *
redhat openshift_api_for_data_protection -
proftpd proftpd *
russh_project russh *
panic nova *
golang crypto *
redhat single_sign-on 7.0
bitvise ssh_client *
lancom-systems lcos_fx -
openbsd openssh *
lancom-systems lcos *
netgate pfsense_plus *
lancom-systems lcos_sx 5.20
trilead ssh2 6401
tera_term_project tera_term *
redhat openshift_developer_tools_and_services -
redhat advanced_cluster_security 4.0
apple macos *
libssh libssh *
redhat cert-manager_operator_for_red_hat_openshift -
roumenpetrov pkixssh *
apache sshj *
oryx-embedded cyclone_ssh *
ssh ssh *
netsarang xshell_7 *
sftpgo_project sftpgo *
fedoraproject fedora 39
panic transmit_5 *
freebsd freebsd *
libssh2 libssh2 *
gentoo security -
redhat keycloak -
bitvise ssh_server *
vandyke securecrt *
lancom-systems lcos_lx -
crates thrussh *
redhat openstack_platform 16.2
redhat openstack_platform 17.1
lancom-systems lanconfig -
netgate pfsense_ce *
redhat openshift_serverless -
redhat enterprise_linux 8.0
redhat openshift_data_foundation 4.0
ssh2_project ssh2 *
asyncssh_project asyncssh *
redhat openstack_platform 16.1
jadaptive maverick_synergy_java_ssh_api *
connectbot sshlib *
redhat jboss_enterprise_application_platform 7.0
redhat discovery -
redhat openshift_container_platform 4.0
microsoft powershell *
paramiko paramiko *
redhat openshift_gitops -
debian debian_linux 10.0
crushftp crushftp *
redhat enterprise_linux 9.0
net-ssh net-ssh 7.2.0
kitty_project kitty *
redhat openshift_dev_spaces -
erlang erlang/otp *
redhat openshift_pipelines -
redhat openshift_virtualization 4
redhat advanced_cluster_security 3.0
lancom-systems lcos_sx 4.20
redhat storage 3.0
dropbear_ssh_project dropbear_ssh *
apache sshd *
winscp winscp *
thorntech sftp_gateway_firmware *
matez jsch *
CVE-2024-43410

Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
warpgate_project warpgate *
russh_project russh *
CVE-2025-54804

Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an internal state value. This can result in a integer overflow. If the Rust code is compiled with overflow checks, it will panic. A malicious client can crash a server. This is fixed in version 0.54.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
warpgate_project warpgate *
russh_project russh *