Russh · Russh · CVE-2023-28113
**Name of the Vulnerable Software and Affected Versions**
russh versions 0.34.0 through 0.36.1
russh version 0.37.0
**Description**
The issue is related to insufficient Diffie-Hellman key validation, which can lead to insecure shared secrets and break confidentiality. This can result in eavesdropping, particularly in connections between a russh client and server, or between a russh peer and some other misbehaving peer. Most other implementations reject such keys, making this mainly an interoperability issue.

The problem arises because russh does not validate Diffie-Hellman keys: it accepts received DH public keys where `e` is less than 0, equal to 1, or greater than or equal to `p-1` from a misbehaving peer, and successfully performs key exchange. This violates RFC 4253 and RFC 8268, which state that DH public key values must be checked to ensure `1 < e < p-1` and `1 < f < p-1`. Additionally, the code does not ensure that the generated secret key `y` is in the valid interval `0 < y < q`.
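The following is an added illustration, not code from russh, of the two range checks the description refers to: rejecting a peer's public value unless `1 < e < p-1`, and rejecting our own exponent unless `0 < y < q`. It runs on a constructed toy safe-prime group (`P`, `Q`, `G` are assumed demonstration values, not an SSH group) so that it needs no bigint crate; the function names are hypothetical. The `unchecked_shared_secret` helper shows what an implementation that skips the check computes for the degenerate values `1` and `p-1`, which is why the RFCs require the check.

```rust
// Added example (not russh's own code): the RFC 4253 / RFC 8268 range checks
// a DH key-exchange implementation must apply before using a peer's public
// value, shown on a constructed toy group so it runs without a bigint crate.

/// Toy safe prime p = 2q + 1 and generator g of the order-q subgroup
/// (g = 2, as in the RFC 3526 groups). Demonstration values only; real SSH
/// groups are 2048 bits and larger.
pub const P: u128 = 23;
pub const Q: u128 = 11;
pub const G: u128 = 2;

/// Square-and-multiply modular exponentiation (u128 is wide enough here).
pub fn mod_pow(mut base: u128, mut exp: u128, m: u128) -> u128 {
    let mut result = 1 % m;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 {
            result = result * base % m;
        }
        base = base * base % m;
        exp >>= 1;
    }
    result
}

#[derive(Debug, PartialEq)]
pub enum KexError {
    /// Peer's public value is outside 1 < e < p-1.
    InvalidPeerPublic(u128),
    /// Our own exponent is outside 0 < y < q.
    InvalidPrivateExponent(u128),
}

/// Accept a received public value only if 1 < e < p-1.
/// (An mpint decoder using signed bigints must also reject negative values;
/// the unsigned type here rules them out by construction.)
pub fn check_peer_public(e: u128, p: u128) -> Result<u128, KexError> {
    if e <= 1 || e >= p - 1 {
        Err(KexError::InvalidPeerPublic(e))
    } else {
        Ok(e)
    }
}

/// Accept a private exponent only if 0 < y < q.
pub fn check_private_exponent(y: u128, q: u128) -> Result<u128, KexError> {
    if y == 0 || y >= q {
        Err(KexError::InvalidPrivateExponent(y))
    } else {
        Ok(y)
    }
}

/// Shared secret K = e^y mod p, computed only after both checks pass.
pub fn shared_secret(peer_e: u128, y: u128) -> Result<u128, KexError> {
    check_peer_public(peer_e, P)?;
    check_private_exponent(y, Q)?;
    Ok(mod_pow(peer_e, y, P))
}

/// What an implementation without the checks computes; for e = 1 the
/// "secret" is always 1, for e = p-1 it is always 1 or p-1, whatever y is.
pub fn unchecked_shared_secret(peer_e: u128, y: u128) -> u128 {
    mod_pow(peer_e, y, P)
}

fn main() {
    // Honest peer: e = g^x mod p with a constructed exponent x = 6.
    let honest_e = mod_pow(G, 6, P);
    println!("honest e = {honest_e}: {:?}", shared_secret(honest_e, 3));

    // Degenerate values a misbehaving peer could send.
    for e in [0, 1, P - 1, P] {
        println!("e = {e}: checked {:?}, unchecked K = {}",
                 shared_secret(e, 3), unchecked_shared_secret(e, 3));
    }
}
```

The checks are plain comparisons, so the cost is negligible next to the exponentiation; the point is that they must run before the exponentiation, not after, because an unchecked `e` of `1` or `p-1` yields a shared secret an eavesdropper can predict without knowing either exponent.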
**Recommendations**
For russh versions 0.34.0 through 0.36.1, update to version 0.36.2 or later.
For russh version 0.37.0, update to version 0.37.1 or later.
As a temporary workaround, if the update cannot be applied immediately, consider restricting the use of Diffie-Hellman key exchange until the patched version is deployed.