HIGH7.5CVE-2026-48110Russh SSH message fields were decoded through allocation-first parsers before field-specific bounds from 0
HIGH7.5CVE-2026-46702russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets from 0
from 0
HIGH7.5russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler
from 0
MEDIUM6.5Russh: Unchecked keyboard-interactive prompt count in client auth path
from 0
MEDIUM5.3Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input
from 0
MEDIUM5.3russh server userauth state is not reset when authentication principal changes
from 0