CVE-2024-43410

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-43410
Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/Eugeny/russh/commit/f660ea3f64b86d11d19e33076012069f02431e55 Patch
https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg Exploit Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*
cpe:2.3:a:warpgate_project:warpgate:*:*:*:*:*:*:*:*
History

13 Aug 2025, 18:32

Type Values Removed Values Added
References () https://github.com/Eugeny/russh/commit/f660ea3f64b86d11d19e33076012069f02431e55 - () https://github.com/Eugeny/russh/commit/f660ea3f64b86d11d19e33076012069f02431e55 - Patch
References () https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg - () https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg - Exploit, Vendor Advisory
Summary
  • (es) Russh es una librería de servidor y cliente Rust SSH. La asignación de una cantidad de memoria que no es de confianza permite que cualquier usuario no autenticado utilice OOM en un servidor russh. Un paquete SSH consta de una longitud big-endian de 4 bytes, seguida de un flujo de bytes de esta longitud. Después de analizar y potencialmente descifrar la longitud de 4 bytes, russh asigna suficiente memoria para este flujo de bytes, como optimización del rendimiento para evitar reasignaciones posteriores. Pero esta longitud no es de confianza y el cliente puede establecerla en cualquier valor, lo que provoca que se asigne tanta memoria, lo que provocará que el proceso entre en OOM dentro de unas pocas solicitudes de este tipo. Esta vulnerabilidad se solucionó en 0.44.1.
CPE cpe:2.3:a:warpgate_project:warpgate:*:*:*:*:*:*:*:*
cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*
First Time Warpgate Project warpgate
Russh Project russh
Warpgate Project
Russh Project

21 Aug 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-21 16:15

Updated : 2025-08-13 18:32

NVD link : CVE-2024-43410

Mitre link : CVE-2024-43410

CVE.ORG link : CVE-2024-43410

JSON object : View

Products Affected

warpgate_project

  • warpgate

russh_project

  • russh
CWE
CWE-770

Allocation of Resources Without Limits or Throttling