pkg:crates.io/russh

8 total CVEsHIGH4MEDIUM4

✅ Check your installed version

All known vulnerabilities

  • HIGH7.5CVE-2026-46702russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets
    >= 0.34.0, < 0.61.1
  • HIGH7.5CVE-2026-46673Russh: Unchecked CryptoVec allocation and growth handling is reachable
    from 0, < 0.60.3
  • HIGH7.5CVE-2026-42189russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler
    from 0, < 0.60.1
  • HIGH7.5CVE-2024-43410Russh has an OOM Denial of Service due to allocation of untrusted amount
    from 0, < 0.44.1
  • MEDIUM6.5CVE-2025-54804russh is missing overflow checks during channel windows adjust
    from 0, < 0.54.1
  • MEDIUM5.9CVE-2023-48795Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
    from 0, < 0.40.2
  • MEDIUM5.9CVE-2023-28113russh may use insecure Diffie-Hellman keys
    from 0, < 0.36.2
  • MEDIUM5.3CVE-2026-46705russh server userauth state is not reset when authentication principal changes
    >= 0.34.0-beta.1, < 0.61.0