{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T17:00:57.301","vulnerabilities":[{"cve":{"id":"CVE-2024-43410","sourceIdentifier":"security-advisories@github.com","published":"2024-08-21T16:15:08.373","lastModified":"2025-08-13T18:32:43.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length.\nAfter parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1."},{"lang":"es","value":"Russh es una librería de servidor y cliente Rust SSH. La asignación de una cantidad de memoria que no es de confianza permite que cualquier usuario no autenticado utilice OOM en un servidor russh. Un paquete SSH consta de una longitud big-endian de 4 bytes, seguida de un flujo de bytes de esta longitud. Después de analizar y potencialmente descifrar la longitud de 4 bytes, russh asigna suficiente memoria para este flujo de bytes, como optimización del rendimiento para evitar reasignaciones posteriores. Pero esta longitud no es de confianza y el cliente puede establecerla en cualquier valor, lo que provoca que se asigne tanta memoria, lo que provocará que el proceso entre en OOM dentro de unas pocas solicitudes de este tipo. Esta vulnerabilidad se solucionó en 0.44.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*","versionEndExcluding":"0.44.1","matchCriteriaId":"9D88D02C-22D3-4C01-BEB7-BA3967189488"},{"vulnerable":true,"criteria":"cpe:2.3:a:warpgate_project:warpgate:*:*:*:*:*:*:*:*","versionEndExcluding":"0.10.2","matchCriteriaId":"F311333F-14EB-455B-BCC0-9654E39CBA0E"}]}]}],"references":[{"url":"https://github.com/Eugeny/russh/commit/f660ea3f64b86d11d19e33076012069f02431e55","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}