CVE-2024-43410

Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Eugeny/russh/commit/f660ea3f64b86d11d19e33076012069f02431e55	Patch
https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:russh_project:russh::::::rust::*
	cpe:2.3:a:warpgate_project:warpgate::::::::

History

13 Aug 2025, 18:32

Type	Values Removed	Values Added
First Time		Russh Project Russh Project russh Warpgate Project warpgate Warpgate Project
References	~~() https://github.com/Eugeny/russh/commit/f660ea3f64b86d11d19e33076012069f02431e55 -~~	() https://github.com/Eugeny/russh/commit/f660ea3f64b86d11d19e33076012069f02431e55 - Patch
References	~~() https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg -~~	() https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg - Exploit, Vendor Advisory
CPE		cpe:2.3:a:russh_project:russh::::::rust::* cpe:2.3:a:warpgate_project:warpgate::::::::

Information

Published : 2024-08-21 16:15

Updated : 2025-08-13 18:32

NVD link : CVE-2024-43410

Mitre link : CVE-2024-43410

CVE.ORG link : CVE-2024-43410

JSON object : View

Products Affected

warpgate_project

warpgate

russh_project

russh

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2024-43410", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-08-21T16:15:08.373", "references": [{"url": "https://github.com/Eugeny/russh/commit/f660ea3f64b86d11d19e33076012069f02431e55", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length.\nAfter parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1."}, {"lang": "es", "value": "Russh es una librer\u00eda de servidor y cliente Rust SSH. La asignaci\u00f3n de una cantidad de memoria que no es de confianza permite que cualquier usuario no autenticado utilice OOM en un servidor russh. Un paquete SSH consta de una longitud big-endian de 4 bytes, seguida de un flujo de bytes de esta longitud. Despu\u00e9s de analizar y potencialmente descifrar la longitud de 4 bytes, russh asigna suficiente memoria para este flujo de bytes, como optimizaci\u00f3n del rendimiento para evitar reasignaciones posteriores. Pero esta longitud no es de confianza y el cliente puede establecerla en cualquier valor, lo que provoca que se asigne tanta memoria, lo que provocar\u00e1 que el proceso entre en OOM dentro de unas pocas solicitudes de este tipo. Esta vulnerabilidad se solucion\u00f3 en 0.44.1."}], "lastModified": "2025-08-13T18:32:43.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*", "vulnerable": true, "matchCriteriaId": "9D88D02C-22D3-4C01-BEB7-BA3967189488", "versionEndExcluding": "0.44.1"}, {"criteria": "cpe:2.3:a:warpgate_project:warpgate:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F311333F-14EB-455B-BCC0-9654E39CBA0E", "versionEndExcluding": "0.10.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}