Russh · Russh · CVE-2024-43410
**Name of the Vulnerable Software and Affected Versions**
russh versions prior to 0.44.1
**Description**
The issue arises from allocating an untrusted amount of memory based on the length field of an SSH packet, which a client can set to any value. This allows any unauthenticated user to cause a russh server to run out of memory (OOM), leading to a denial of service (DoS). An SSH packet consists of a 4-byte big-endian length followed by a byte stream of that length. After parsing and, where applicable, decrypting the 4-byte length, russh allocates enough memory for the whole byte stream as a performance optimization. That length is entirely untrusted and can be chosen by the client, so a large value causes excessive memory allocation and a subsequent OOM.
**Recommendations**
For versions prior to 0.44.1, update to version 0.44.1 or later to resolve the issue. As a temporary workaround, consider enforcing a packet length limit before allocating, as RFC 4253 suggests, so that memory is only reserved for packets of a reasonable size. This helps avoid denial of service and/or buffer overflow attacks driven by an attacker-controlled length field.
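The allocate-before-validate pattern described above beside a length-capped reader, as an added Rust example (not russh's own code): the 35000-byte cap follows the minimum total packet length RFC 4253 section 6.1 requires implementations to handle, and is an assumption chosen for illustration.

```rust
/// Ceiling on the declared packet length accepted before any allocation.
/// RFC 4253 section 6.1 requires implementations to handle total packet
/// lengths of at least 35000 bytes; this example uses that as the cap (assumption).
const MAX_PACKET_LEN: usize = 35_000;

#[derive(Debug, PartialEq)]
pub enum PacketError {
    /// Not enough bytes present for the 4-byte length field or the body.
    Truncated,
    /// Declared length exceeds MAX_PACKET_LEN; rejected before allocating.
    TooLarge(u32),
}

/// Parses the 4-byte big-endian packet_length field from the start of `buf`.
fn raw_packet_len(buf: &[u8]) -> Option<u32> {
    if buf.len() < 4 {
        return None;
    }
    Some(u32::from_be_bytes([buf[0], buf[1], buf[2], buf[3]]))
}

/// Vulnerable pattern: the size that would be reserved is exactly what the
/// client declared. Returned as a number rather than allocated so the
/// difference can be observed without actually exhausting memory.
pub fn unchecked_reserve_size(buf: &[u8]) -> Option<usize> {
    raw_packet_len(buf).map(|len| len as usize)
}

/// Hardened pattern: validate the declared length against the cap first,
/// and only then reserve memory for the body.
pub fn read_packet(buf: &[u8]) -> Result<Vec<u8>, PacketError> {
    let len = raw_packet_len(buf).ok_or(PacketError::Truncated)?;
    if len as usize > MAX_PACKET_LEN {
        return Err(PacketError::TooLarge(len));
    }
    let body = buf.get(4..4 + len as usize).ok_or(PacketError::Truncated)?;
    let mut out = Vec::with_capacity(len as usize); // bounded by MAX_PACKET_LEN
    out.extend_from_slice(body);
    Ok(out)
}

fn main() {
    // Constructed hostile header: declares 0xFFFFFFFF bytes with no body behind it.
    let hostile = [0xFF, 0xFF, 0xFF, 0xFF];
    println!("unchecked would reserve {:?} bytes", unchecked_reserve_size(&hostile));
    println!("checked: {:?}", read_packet(&hostile));
}
```

A real server reads the body from the socket after the check rather than from a complete buffer, but the ordering is the point: the cap is applied before `Vec::with_capacity`, never after.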