Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length.
After parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1.
Metrics
Affected Vendors & Products
References
History
Wed, 21 Aug 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Russh Project
Russh Project russh |
|
CPEs | cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:* | |
Vendors & Products |
Russh Project
Russh Project russh |
|
Metrics |
ssvc
|
Wed, 21 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1. | |
Title | Russh has an OOM Denial of Service due to allocation of untrusted amount | |
Weaknesses | CWE-770 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-08-21T15:09:34.316Z
Updated: 2024-08-21T15:35:25.998Z
Reserved: 2024-08-12T18:02:04.967Z
Link: CVE-2024-43410
Vulnrichment
Updated: 2024-08-21T15:35:19.570Z
NVD
Status : Awaiting Analysis
Published: 2024-08-21T16:15:08.373
Modified: 2024-08-21T17:25:08.560
Link: CVE-2024-43410
Redhat
No data.