PT-2024-30568 · Russh · Russh

Noratrieb · Published 2024-08-14 · Updated 2025-08-13 · CVE-2024-43410

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: russh versions prior to 0.44.1

Description: The issue arises from allocating an untrusted amount of memory based on the length specified in an SSH packet, which can be set to any value by a client. This allows any unauthenticated user to cause a russh server to run out of memory (OOM), leading to a denial of service (DoS). An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this byte stream as a performance optimization. However, this length is entirely untrusted and can be manipulated by the client, causing excessive memory allocation and subsequent OOM.

Recommendations: For versions prior to 0.44.1, update to version 0.44.1 or later to resolve the issue. As a temporary workaround, consider implementing packet length limits to prevent excessive memory allocation, as suggested by RFC 4253. This can help avoid denial of service and/or buffer overflow attacks by ensuring that the packet length is reasonable.
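As an added example (not russh's code), the two length-handling paths described above in Rust: an unchecked read that hands a client-supplied length straight to an allocation, beside a bounded read that applies the 35000-byte total packet size RFC 4253 section 6.1 requires every implementation to accept. Function, type and constant names are my own.

```rust
// Added example, not taken from russh. Parsing the SSH packet_length field
// with and without a bound, to show the defect class and its fix.

/// RFC 4253 §6.1: implementations must accept total packets of 35000 bytes
/// and may reject larger ones. Using that as the ceiling bounds the
/// allocation no matter what a client puts in the length field.
pub const MAX_PACKET_LEN: usize = 35_000;

/// packet_length covers the padding_length byte plus at least 4 bytes of
/// padding (RFC 4253 §6), so anything below 5 is malformed.
const MIN_PACKET_LEN: usize = 5;

#[derive(Debug, PartialEq)]
pub enum PacketError {
    Truncated,
    BadLength(u32),
}

/// Reads the 4-byte big-endian length without validation. This is the
/// pattern the advisory describes: the value flows straight into an
/// allocation, so one 4-byte header can request close to 4 GiB.
pub fn read_len_unchecked(hdr: &[u8]) -> Result<usize, PacketError> {
    let b: [u8; 4] = hdr.get(..4).and_then(|s| s.try_into().ok()).ok_or(PacketError::Truncated)?;
    Ok(u32::from_be_bytes(b) as usize)
}

/// Hardened form: the parsed length is checked against the RFC bounds before
/// it can influence memory use. Reject rather than clamp, so the connection
/// is dropped cleanly instead of desynchronising the byte stream.
pub fn read_len_checked(hdr: &[u8]) -> Result<usize, PacketError> {
    let len = read_len_unchecked(hdr)?;
    if len < MIN_PACKET_LEN || len > MAX_PACKET_LEN {
        return Err(PacketError::BadLength(len as u32));
    }
    Ok(len)
}

/// Buffer the server reserves for the packet body; with the checked parser
/// this is at most MAX_PACKET_LEN bytes per in-flight packet.
pub fn reserve_body(hdr: &[u8]) -> Result<Vec<u8>, PacketError> {
    Ok(Vec::with_capacity(read_len_checked(hdr)?))
}

fn main() {
    // Constructed headers: a plausible 28-byte packet and an absurd one.
    let (sane, huge) = (28u32.to_be_bytes(), 0xFFFF_FFF0u32.to_be_bytes());
    println!("sane checked   -> {:?}", read_len_checked(&sane));
    println!("huge unchecked -> {:?}", read_len_unchecked(&huge));
    println!("huge checked   -> {:?}", read_len_checked(&huge));
}
```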

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

CVE-2024-43410
GHSA-VGVV-X7XG-6CQG

Affected Products

Russh