PT-2025-31887 · Russh · Russh

Onjonjo · Published 2025-08-04 · Updated 2025-08-13 · CVE-2025-54804

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Russh versions 0.54.0 and earlier

Description: Russh is a Rust SSH client and server library. The channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. In the affected versions, the implementation adds the value from the message to an internal state value without a bounds check, which can result in an integer overflow. If the Rust code is compiled with overflow checks, the addition panics, so a malicious client can crash a server.

Recommendations: Update to version 0.54.1 or later.
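An added Rust illustration of the defect class described above (not Russh's own code): it parses an SSH_MSG_CHANNEL_WINDOW_ADJUST message as defined in RFC 4254 and shows the plain addition that can overflow beside a checked form that turns an overflowing adjustment into a protocol error. The struct and function names are assumptions made for this example.

```rust
// Added illustration, not Russh's own code. Per RFC 4254 the remote window
// is a uint32 and SSH_MSG_CHANNEL_WINDOW_ADJUST (message type 98) carries a
// uint32 "bytes to add". Type and function names below are assumptions.

pub const SSH_MSG_CHANNEL_WINDOW_ADJUST: u8 = 98;

/// Decoded SSH_MSG_CHANNEL_WINDOW_ADJUST payload.
#[derive(Debug, PartialEq, Eq)]
pub struct WindowAdjust {
    pub recipient_channel: u32,
    pub bytes_to_add: u32,
}

/// Parse the wire form: byte 98, uint32 recipient channel, uint32 bytes to add.
/// Returns None for a wrong type byte or a malformed length.
pub fn parse_window_adjust(msg: &[u8]) -> Option<WindowAdjust> {
    if msg.len() != 9 || msg[0] != SSH_MSG_CHANNEL_WINDOW_ADJUST {
        return None;
    }
    let u32_at = |i: usize| u32::from_be_bytes([msg[i], msg[i + 1], msg[i + 2], msg[i + 3]]);
    Some(WindowAdjust { recipient_channel: u32_at(1), bytes_to_add: u32_at(5) })
}

/// The pattern the advisory describes: a plain addition of the peer-supplied
/// value to the tracked window. Built with overflow checks this panics when
/// the sum exceeds u32::MAX; without them it silently wraps.
pub fn adjust_window_unchecked(remote_window: u32, adjust: &WindowAdjust) -> u32 {
    remote_window + adjust.bytes_to_add
}

/// Hardened form: a peer may never grow the window past u32::MAX, so an
/// overflowing adjustment is a protocol error. Reporting it lets the server
/// close that one connection instead of crashing the whole process.
pub fn adjust_window_checked(remote_window: u32, adjust: &WindowAdjust) -> Result<u32, String> {
    remote_window.checked_add(adjust.bytes_to_add).ok_or_else(|| {
        format!(
            "channel {}: window adjust {} would overflow current window {}",
            adjust.recipient_channel, adjust.bytes_to_add, remote_window
        )
    })
}
```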

Exploit

Fix

DoS

Integer Overflow


Weakness Enumeration

Related Identifiers

BDU:2025-16318
CVE-2025-54804
GHSA-H5RC-J5F5-3GCM

Affected Products

Russh