Vulnerability-Lookup

rustsec-2026-0153

Vulnerability from osv_rustsec

Published

2026-05-15 12:00

Modified

2026-06-02 09:53

Summary

Unchecked `CryptoVec` allocation and growth handling

Details

CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In affected russh releases, attacker-controlled input could reach these code paths through buffer resizing operations.

Two affected reachability paths were identified:

Current russh releases (0.60.x before the fix) Local SSH agent peers could provide attacker-controlled frame lengths that were used to resize internal buffers before validation in:
AgentClient::read_response
agent::server::Connection::run
Historical russh releases before 0.58.0 CryptoVec was also used for non-secret transport and compression buffers, allowing remote SSH traffic to trigger CryptoVec growth through:
transport packet reads
zlib decompression output

These remote paths were removed in 0.58.0 when CryptoVec stopped being used for those buffers.

Under constrained memory conditions, historical russh versions prior to 0.58.0 can abort the process when remote compressed payload expansion causes allocation failure in CryptoVec. This was reproduced through the compression path and resulted in process termination in the Unix allocation/locking implementation after null pointer allocation failure.

For current affected releases, oversized local SSH agent frame lengths could trigger untrusted-input-driven buffer growth prior to validation.

No practical remote code execution, integrity or confidentiality impact has been demonstrated.

Fixed by validating CryptoVec growth operations and rejecting oversized SSH agent frame lengths before buffer allocation.

Severity

7.5 (High)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

URL

Type

	https://crates.io/crates/russh-cryptovec	PACKAGE
	https://rustsec.org/advisories/RUSTSEC-2026-0153.html	ADVISORY
	https://github.com/Eugeny/russh/security/advisori…	ADVISORY
	https://github.com/Eugeny/russh/commit/a2d48a71fe…	WEB

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "categories": [
          "denial-of-service"
        ],
        "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "informational": null
      },
      "ecosystem_specific": {
        "affected_functions": null,
        "affects": {
          "arch": [],
          "functions": [],
          "os": []
        }
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "russh-cryptovec",
        "purl": "pkg:cargo/russh-cryptovec"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0-0"
            },
            {
              "fixed": "0.60.3"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "versions": []
    }
  ],
  "aliases": [
    "CVE-2026-46673",
    "GHSA-g9f8-wqj9-fjw5"
  ],
  "database_specific": {
    "license": "CC0-1.0"
  },
  "details": "`CryptoVec` used unchecked capacity growth, unchecked length arithmetic, and\nunsafe allocation and locking paths. In affected `russh` releases,\nattacker-controlled input could reach these code paths through buffer resizing\noperations.\n\nTwo affected reachability paths were identified:\n\n* **Current `russh` releases (`0.60.x` before the fix)**\n  Local SSH agent peers could provide attacker-controlled frame lengths that\n  were used to resize internal buffers before validation in:\n\n  * `AgentClient::read_response`\n  * `agent::server::Connection::run`\n\n* **Historical `russh` releases before `0.58.0`**\n  `CryptoVec` was also used for non-secret transport and compression buffers,\n  allowing remote SSH traffic to trigger `CryptoVec` growth through:\n\n  * transport packet reads\n  * zlib decompression output\n\nThese remote paths were removed in `0.58.0` when `CryptoVec` stopped being used\nfor those buffers.\n\nUnder constrained memory conditions, historical `russh` versions prior to\n`0.58.0` can abort the process when remote compressed payload expansion causes\nallocation failure in `CryptoVec`. This was reproduced through the compression\npath and resulted in process termination in the Unix allocation/locking\nimplementation after null pointer allocation failure.\n\nFor current affected releases, oversized local SSH agent frame lengths could\ntrigger untrusted-input-driven buffer growth prior to validation.\n\nNo practical remote code execution, integrity or confidentiality impact has\nbeen demonstrated.\n\nFixed by validating CryptoVec growth operations and rejecting oversized SSH\nagent frame lengths before buffer allocation.",
  "id": "RUSTSEC-2026-0153",
  "modified": "2026-06-02T09:53:13Z",
  "published": "2026-05-15T12:00:00Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://crates.io/crates/russh-cryptovec"
    },
    {
      "type": "ADVISORY",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0153.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/Eugeny/russh/security/advisories/GHSA-g9f8-wqj9-fjw5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Eugeny/russh/commit/a2d48a71fe93d18cbd666c8d53d0882f5ce110c4"
    }
  ],
  "related": [],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Unchecked `CryptoVec` allocation and growth handling"
}

CVE-2026-46673 (GCVE-0-2026-46673)

Vulnerability from cvelistv5 – Published: 2026-06-10 20:16 – Updated: 2026-06-10 20:16

Title

Russh: Unchecked CryptoVec allocation and growth handling is reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases

Summary

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth before validation. In older russh releases before 0.58.0, remote SSH traffic also reached CryptoVec through transport and compression buffers. This issue has been patched in version 0.60.3.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/Eugeny/russh/security/advisori…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Eugeny	russh	Affected: < 0.60.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "russh",
          "vendor": "Eugeny",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.60.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Russh is a Rust SSH client \u0026 server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth before validation. In older russh releases before 0.58.0, remote SSH traffic also reached CryptoVec through transport and compression buffers. This issue has been patched in version 0.60.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T20:16:28.001Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Eugeny/russh/security/advisories/GHSA-g9f8-wqj9-fjw5",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Eugeny/russh/security/advisories/GHSA-g9f8-wqj9-fjw5"
        }
      ],
      "source": {
        "advisory": "GHSA-g9f8-wqj9-fjw5",
        "discovery": "UNKNOWN"
      },
      "title": "Russh: Unchecked CryptoVec allocation and growth handling is reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-46673",
    "datePublished": "2026-06-10T20:16:28.001Z",
    "dateReserved": "2026-05-15T21:46:51.547Z",
    "dateUpdated": "2026-06-10T20:16:28.001Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

GHSA-G9F8-WQJ9-FJW5

Vulnerability from github – Published: 2026-05-21 20:49 – Updated: 2026-06-09 10:55

Summary

Russh: Unchecked CryptoVec allocation and growth handling is reachable

Details

Title

Unchecked CryptoVec allocation and growth handling was reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases

Summary

CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth before validation. In older russh releases before 0.58.0, remote SSH traffic also reached CryptoVec through transport and compression buffers.

Details

The underlying unsafe paths were in CryptoVec:

cryptovec/src/cryptovec.rs
unchecked capacity growth
unchecked length arithmetic in growth callers
raw allocation and reallocation paths coupled to those sizes
cryptovec/src/platform/unix.rs
mlock / munlock previously accepted zero-length calls and performed null-pointer validation inside the unsafe OS-call path

There are two relevant reachability stories:

current local reachability in russh
russh/src/keys/agent/client.rs
AgentClient::read_response() read a peer-supplied u32 length and then resized self.buf to that value before reading the payload
russh/src/keys/agent/server.rs
Connection::run() read a peer-supplied u32 length and then resized self.buf to that value before reading the payload

This is the path that still existed in current 0.60.x releases before the fix, although by then those buffers were no longer CryptoVec.

historical remote reachability in older russh
before commit 712e32b (first released in v0.58.0), non-secret transport and compression buffers in russh still used CryptoVec
I verified this in a detached pre-712e32b worktree by adding and running:
cipher::tests::remote_packet_length_grows_transport_cryptovec_buffer
compression::tests::remote_compressed_payload_expands_cryptovec_output
those tests show that remote SSH traffic could grow CryptoVec through:
transport packet reads
zlib decompression output

Also added a constrained-memory reproduction in that historical worktree:

compression::tests::remote_compressed_payload_can_crash_under_memory_limit

That test re-execs the test binary under prlimit --as=134217728, decompresses a highly compressible payload that expands to 96 MiB, and reliably aborts in the old Unix CryptoVec path when NonNull::new_unchecked() receives a null pointer after allocation failure.

The prepared patch does two things:

hardens CryptoVec itself
checked capacity growth
checked length arithmetic
immediate allocation-failure handling
zero-length mlock / munlock no-ops
explicit null-pointer validation before entering the Unix unsafe locking calls
hardens the real untrusted-input path
caps agent frame lengths at 256 * 1024 on both client and server before resizing buffers

This cap matches OpenSSH’s agent framing guardrail.

PoC

The following end-to-end tests demonstrate the real untrusted-input path by feeding oversized peer-controlled agent frame lengths into the public client and server flows and asserting that they are rejected before buffer growth.

Client-side agent reply path:

#[test]
fn oversized_agent_response_is_rejected_before_allocation() -> std::io::Result<()> {
    let runtime = tokio::runtime::Builder::new_current_thread()
        .enable_all()
        .build()?;

    runtime.block_on(async {
        let (mut writer, reader) = tokio::io::duplex(64);
        let server = tokio::spawn(async move {
            let mut frame = [0u8; 4];
            writer.read_exact(&mut frame).await?;
            let len = BigEndian::read_u32(&frame) as usize;
            let mut body = vec![0; len];
            writer.read_exact(&mut body).await?;

            BigEndian::write_u32(&mut frame, (MAX_AGENT_FRAME_LEN + 1) as u32);
            writer.write_all(&frame).await?;
            Ok::<(), std::io::Error>(())
        });

        let mut client = AgentClient::connect(reader);
        let err = client.request_identities().await.unwrap_err();
        assert!(matches!(err, Error::AgentProtocolError));
        server.await.expect("server task")?;
        Ok::<(), std::io::Error>(())
    })?;

    Ok(())
}

Server-side agent request path:

#[test]
fn oversized_agent_request_is_rejected_before_allocation() -> std::io::Result<()> {
    let runtime = tokio::runtime::Builder::new_current_thread()
        .enable_all()
        .build()?;

    runtime.block_on(async {
        let (server, mut client) = tokio::io::duplex(64);
        let connection = Connection {
            lock: Lock(std::sync::Arc::new(std::sync::RwLock::new(crate::CryptoVec::new()))),
            keys: KeyStore(std::sync::Arc::new(std::sync::RwLock::new(
                std::collections::HashMap::new(),
            ))),
            agent: Some(()),
            s: server,
            buf: Vec::new(),
        };
        let server = tokio::spawn(async move { connection.run().await });

        let mut frame = [0u8; 4];
        BigEndian::write_u32(&mut frame, (MAX_AGENT_FRAME_LEN + 1) as u32);
        client.write_all(&frame).await?;
        drop(client);

        let err = server.await.expect("server task").unwrap_err();
        assert!(matches!(err, Error::AgentProtocolError));
        Ok::<(), std::io::Error>(())
    })?;

    Ok(())
}

These tests pass on the fixed branch and fail on unfixed v0.60.2, where oversized agent frame lengths are not rejected at the framing boundary.

For historical russh < 0.58.0, I also verified remote reachability into CryptoVec in a detached pre-712e32b worktree (91d431d, package version 0.57.1).

Transport packet read path:

#[test]
fn remote_packet_length_grows_transport_cryptovec_buffer() -> std::io::Result<()> {
    let runtime = tokio::runtime::Builder::new_current_thread()
        .enable_all()
        .build()?;

    runtime.block_on(async {
        let packet_len = MAXIMUM_PACKET_LEN;
        let (mut writer, mut reader) = tokio::io::duplex(packet_len + 4);
        let writer_task = tokio::spawn(async move {
            let mut packet = vec![0u8; packet_len + 4];
            packet[..4].copy_from_slice(&(packet_len as u32).to_be_bytes());
            writer.write_all(&packet).await?;
            Ok::<(), std::io::Error>(())
        });

        let mut buffer = SSHBuffer::new();
        let mut cipher = clear::Key;
        let n = read(&mut reader, &mut buffer, &mut cipher).await.unwrap();

        assert_eq!(n, packet_len + 4);
        assert_eq!(buffer.buffer.len(), packet_len + 4);
        assert_eq!(&buffer.buffer[..4], &(packet_len as u32).to_be_bytes());

        writer_task.await.expect("writer task")?;
        Ok::<(), std::io::Error>(())
    })?;

    Ok(())
}

Compression growth path:

#[test]
fn remote_compressed_payload_expands_cryptovec_output() {
    let payload = vec![b'A'; 64 * 1024];

    let compression = Compression::new(&ZLIB);
    let mut compressor = Compress::None;
    let mut decompressor = Decompress::None;
    compression.init_compress(&mut compressor);
    compression.init_decompress(&mut decompressor);

    let mut compressed = CryptoVec::new();
    let encoded = compressor
        .compress(&payload, &mut compressed)
        .expect("compress")
        .to_vec();

    let mut output = CryptoVec::new();
    let decoded = decompressor
        .decompress(&encoded, &mut output)
        .expect("decompress");

    assert_eq!(decoded.len(), payload.len());
    assert_eq!(decoded, payload.as_slice());
    assert!(encoded.len() < output.len());
}

Constrained-memory crash reproduction for the historical remote compression path:

#[test]
fn remote_compressed_payload_can_crash_under_memory_limit() {
    const CHILD_ENV: &str = "RUSSH_REMOTE_COMPRESS_CRASH_CHILD";

    if std::env::var_os(CHILD_ENV).is_some() {
        let payload = vec![b'A'; 96 * 1024 * 1024];

        let compression = Compression::new(&ZLIB);
        let mut compressor = Compress::None;
        let mut decompressor = Decompress::None;
        compression.init_compress(&mut compressor);
        compression.init_decompress(&mut decompressor);

        let mut compressed = CryptoVec::new();
        let encoded = compressor
            .compress(&payload, &mut compressed)
            .expect("compress")
            .to_vec();

        let mut output = CryptoVec::new();
        let decoded = decompressor
            .decompress(&encoded, &mut output)
            .expect("decompress");
        assert_eq!(decoded.len(), payload.len());
        return;
    }

    let exe = std::env::current_exe().expect("current exe");
    let status = Command::new("prlimit")
        .args([
            "--as=134217728",
            "--",
            exe.to_str().expect("utf8 exe path"),
            "--exact",
            "compression::tests::remote_compressed_payload_can_crash_under_memory_limit",
            "--nocapture",
        ])
        .env(CHILD_ENV, "1")
        .status()
        .expect("spawn child");

    assert!(
        !status.success(),
        "expected child to fail under constrained address space"
    );
}

On that historical worktree, the constrained-memory child aborts in the old Unix CryptoVec path with:

unsafe precondition(s) violated: NonNull::new_unchecked requires that the pointer is non-null
thread caused non-unwinding panic. aborting.

To run the reproduced checks:

cargo test -p russh oversized_agent_response_is_rejected_before_allocation -- --nocapture
cargo test -p russh oversized_agent_request_is_rejected_before_allocation -- --nocapture
cargo test -p russh-cryptovec

Historical pre-0.58.0 checks were run from the detached 91d431d worktree with:

cargo test --offline -p russh remote_packet_length_grows_transport_cryptovec_buffer -- --nocapture
cargo test --offline -p russh remote_compressed_payload_expands_cryptovec_output -- --nocapture
cargo test --offline -p russh remote_compressed_payload_can_crash_under_memory_limit -- --nocapture

Impact

This is a memory-safety hardening issue with demonstrated untrusted-input reachability.

What is demonstrated:

current local agent peers could previously reach allocation growth directly from attacker-controlled frame lengths
historical remote SSH traffic could previously reach CryptoVec through transport and compression buffers in russh < 0.58.0
under constrained memory, the historical remote compression path can be turned into a process abort in the old Unix CryptoVec code
the fixed code now rejects oversized agent frames early and hardens the underlying allocation paths

What is not demonstrated:

practical code execution
a demonstrated integrity or confidentiality break

Severity

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.60.2"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "russh-cryptovec"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.60.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.60.2"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "russh"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.60.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-46673"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-21T20:49:07Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Title\nUnchecked `CryptoVec` allocation and growth handling was reachable from local agent inputs in current `russh` releases and from remote SSH traffic in historical pre-`0.58.0` releases\n\n### Summary\n`CryptoVec` used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current `russh` releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth before validation. In older `russh` releases before `0.58.0`, remote SSH traffic also reached `CryptoVec` through transport and compression buffers.\n\n### Details\nThe underlying unsafe paths were in `CryptoVec`:\n\n- `cryptovec/src/cryptovec.rs`\n  - unchecked capacity growth\n  - unchecked length arithmetic in growth callers\n  - raw allocation and reallocation paths coupled to those sizes\n- `cryptovec/src/platform/unix.rs`\n  - `mlock` / `munlock` previously accepted zero-length calls and performed null-pointer validation inside the `unsafe` OS-call path\n\nThere are two relevant reachability stories:\n\n1. current local reachability in `russh`\n\n- `russh/src/keys/agent/client.rs`\n  - `AgentClient::read_response()` read a peer-supplied `u32` length and then resized `self.buf` to that value before reading the payload\n- `russh/src/keys/agent/server.rs`\n  - `Connection::run()` read a peer-supplied `u32` length and then resized `self.buf` to that value before reading the payload\n\nThis is the path that still existed in current `0.60.x` releases before the fix, although by then those buffers were no longer `CryptoVec`.\n\n2. historical remote reachability in older `russh`\n\n- before commit `712e32b` (first released in `v0.58.0`), non-secret transport and compression buffers in `russh` still used `CryptoVec`\n- I verified this in a detached pre-`712e32b` worktree by adding and running:\n  - `cipher::tests::remote_packet_length_grows_transport_cryptovec_buffer`\n  - `compression::tests::remote_compressed_payload_expands_cryptovec_output`\n- those tests show that remote SSH traffic could grow `CryptoVec` through:\n  - transport packet reads\n  - zlib decompression output\n\nAlso added a constrained-memory reproduction in that historical worktree:\n\n- `compression::tests::remote_compressed_payload_can_crash_under_memory_limit`\n\nThat test re-execs the test binary under `prlimit --as=134217728`, decompresses a highly compressible payload that expands to `96 MiB`, and reliably aborts in the old Unix `CryptoVec` path when `NonNull::new_unchecked()` receives a null pointer after allocation failure.\n\nThe prepared patch does two things:\n\n1. hardens `CryptoVec` itself\n   - checked capacity growth\n   - checked length arithmetic\n   - immediate allocation-failure handling\n   - zero-length `mlock` / `munlock` no-ops\n   - explicit null-pointer validation before entering the Unix `unsafe` locking calls\n\n2. hardens the real untrusted-input path\n   - caps agent frame lengths at `256 * 1024` on both client and server before resizing buffers\n\nThis cap matches OpenSSH\u2019s agent framing guardrail.\n\n### PoC\nThe following end-to-end tests demonstrate the real untrusted-input path by feeding oversized peer-controlled agent frame lengths into the public client and server flows and asserting that they are rejected before buffer growth.\n\nClient-side agent reply path:\n\n```rust\n#[test]\nfn oversized_agent_response_is_rejected_before_allocation() -\u003e std::io::Result\u003c()\u003e {\n    let runtime = tokio::runtime::Builder::new_current_thread()\n        .enable_all()\n        .build()?;\n\n    runtime.block_on(async {\n        let (mut writer, reader) = tokio::io::duplex(64);\n        let server = tokio::spawn(async move {\n            let mut frame = [0u8; 4];\n            writer.read_exact(\u0026mut frame).await?;\n            let len = BigEndian::read_u32(\u0026frame) as usize;\n            let mut body = vec![0; len];\n            writer.read_exact(\u0026mut body).await?;\n\n            BigEndian::write_u32(\u0026mut frame, (MAX_AGENT_FRAME_LEN + 1) as u32);\n            writer.write_all(\u0026frame).await?;\n            Ok::\u003c(), std::io::Error\u003e(())\n        });\n\n        let mut client = AgentClient::connect(reader);\n        let err = client.request_identities().await.unwrap_err();\n        assert!(matches!(err, Error::AgentProtocolError));\n        server.await.expect(\"server task\")?;\n        Ok::\u003c(), std::io::Error\u003e(())\n    })?;\n\n    Ok(())\n}\n```\n\nServer-side agent request path:\n\n```rust\n#[test]\nfn oversized_agent_request_is_rejected_before_allocation() -\u003e std::io::Result\u003c()\u003e {\n    let runtime = tokio::runtime::Builder::new_current_thread()\n        .enable_all()\n        .build()?;\n\n    runtime.block_on(async {\n        let (server, mut client) = tokio::io::duplex(64);\n        let connection = Connection {\n            lock: Lock(std::sync::Arc::new(std::sync::RwLock::new(crate::CryptoVec::new()))),\n            keys: KeyStore(std::sync::Arc::new(std::sync::RwLock::new(\n                std::collections::HashMap::new(),\n            ))),\n            agent: Some(()),\n            s: server,\n            buf: Vec::new(),\n        };\n        let server = tokio::spawn(async move { connection.run().await });\n\n        let mut frame = [0u8; 4];\n        BigEndian::write_u32(\u0026mut frame, (MAX_AGENT_FRAME_LEN + 1) as u32);\n        client.write_all(\u0026frame).await?;\n        drop(client);\n\n        let err = server.await.expect(\"server task\").unwrap_err();\n        assert!(matches!(err, Error::AgentProtocolError));\n        Ok::\u003c(), std::io::Error\u003e(())\n    })?;\n\n    Ok(())\n}\n```\n\nThese tests pass on the fixed branch and fail on unfixed `v0.60.2`, where oversized agent frame lengths are not rejected at the framing boundary.\n\nFor historical `russh \u003c 0.58.0`, I also verified remote reachability into `CryptoVec` in a detached pre-`712e32b` worktree (`91d431d`, package version `0.57.1`).\n\nTransport packet read path:\n\n```rust\n#[test]\nfn remote_packet_length_grows_transport_cryptovec_buffer() -\u003e std::io::Result\u003c()\u003e {\n    let runtime = tokio::runtime::Builder::new_current_thread()\n        .enable_all()\n        .build()?;\n\n    runtime.block_on(async {\n        let packet_len = MAXIMUM_PACKET_LEN;\n        let (mut writer, mut reader) = tokio::io::duplex(packet_len + 4);\n        let writer_task = tokio::spawn(async move {\n            let mut packet = vec![0u8; packet_len + 4];\n            packet[..4].copy_from_slice(\u0026(packet_len as u32).to_be_bytes());\n            writer.write_all(\u0026packet).await?;\n            Ok::\u003c(), std::io::Error\u003e(())\n        });\n\n        let mut buffer = SSHBuffer::new();\n        let mut cipher = clear::Key;\n        let n = read(\u0026mut reader, \u0026mut buffer, \u0026mut cipher).await.unwrap();\n\n        assert_eq!(n, packet_len + 4);\n        assert_eq!(buffer.buffer.len(), packet_len + 4);\n        assert_eq!(\u0026buffer.buffer[..4], \u0026(packet_len as u32).to_be_bytes());\n\n        writer_task.await.expect(\"writer task\")?;\n        Ok::\u003c(), std::io::Error\u003e(())\n    })?;\n\n    Ok(())\n}\n```\n\nCompression growth path:\n\n```rust\n#[test]\nfn remote_compressed_payload_expands_cryptovec_output() {\n    let payload = vec![b\u0027A\u0027; 64 * 1024];\n\n    let compression = Compression::new(\u0026ZLIB);\n    let mut compressor = Compress::None;\n    let mut decompressor = Decompress::None;\n    compression.init_compress(\u0026mut compressor);\n    compression.init_decompress(\u0026mut decompressor);\n\n    let mut compressed = CryptoVec::new();\n    let encoded = compressor\n        .compress(\u0026payload, \u0026mut compressed)\n        .expect(\"compress\")\n        .to_vec();\n\n    let mut output = CryptoVec::new();\n    let decoded = decompressor\n        .decompress(\u0026encoded, \u0026mut output)\n        .expect(\"decompress\");\n\n    assert_eq!(decoded.len(), payload.len());\n    assert_eq!(decoded, payload.as_slice());\n    assert!(encoded.len() \u003c output.len());\n}\n```\n\nConstrained-memory crash reproduction for the historical remote compression path:\n\n```rust\n#[test]\nfn remote_compressed_payload_can_crash_under_memory_limit() {\n    const CHILD_ENV: \u0026str = \"RUSSH_REMOTE_COMPRESS_CRASH_CHILD\";\n\n    if std::env::var_os(CHILD_ENV).is_some() {\n        let payload = vec![b\u0027A\u0027; 96 * 1024 * 1024];\n\n        let compression = Compression::new(\u0026ZLIB);\n        let mut compressor = Compress::None;\n        let mut decompressor = Decompress::None;\n        compression.init_compress(\u0026mut compressor);\n        compression.init_decompress(\u0026mut decompressor);\n\n        let mut compressed = CryptoVec::new();\n        let encoded = compressor\n            .compress(\u0026payload, \u0026mut compressed)\n            .expect(\"compress\")\n            .to_vec();\n\n        let mut output = CryptoVec::new();\n        let decoded = decompressor\n            .decompress(\u0026encoded, \u0026mut output)\n            .expect(\"decompress\");\n        assert_eq!(decoded.len(), payload.len());\n        return;\n    }\n\n    let exe = std::env::current_exe().expect(\"current exe\");\n    let status = Command::new(\"prlimit\")\n        .args([\n            \"--as=134217728\",\n            \"--\",\n            exe.to_str().expect(\"utf8 exe path\"),\n            \"--exact\",\n            \"compression::tests::remote_compressed_payload_can_crash_under_memory_limit\",\n            \"--nocapture\",\n        ])\n        .env(CHILD_ENV, \"1\")\n        .status()\n        .expect(\"spawn child\");\n\n    assert!(\n        !status.success(),\n        \"expected child to fail under constrained address space\"\n    );\n}\n```\n\nOn that historical worktree, the constrained-memory child aborts in the old Unix `CryptoVec` path with:\n\n```text\nunsafe precondition(s) violated: NonNull::new_unchecked requires that the pointer is non-null\nthread caused non-unwinding panic. aborting.\n```\n\nTo run the reproduced checks:\n\n```bash\ncargo test -p russh oversized_agent_response_is_rejected_before_allocation -- --nocapture\ncargo test -p russh oversized_agent_request_is_rejected_before_allocation -- --nocapture\ncargo test -p russh-cryptovec\n```\n\nHistorical pre-`0.58.0` checks were run from the detached `91d431d` worktree with:\n\n```bash\ncargo test --offline -p russh remote_packet_length_grows_transport_cryptovec_buffer -- --nocapture\ncargo test --offline -p russh remote_compressed_payload_expands_cryptovec_output -- --nocapture\ncargo test --offline -p russh remote_compressed_payload_can_crash_under_memory_limit -- --nocapture\n```\n\n### Impact\nThis is a memory-safety hardening issue with demonstrated untrusted-input reachability.\n\nWhat is demonstrated:\n\n- current local agent peers could previously reach allocation growth directly from attacker-controlled frame lengths\n- historical remote SSH traffic could previously reach `CryptoVec` through transport and compression buffers in `russh \u003c 0.58.0`\n- under constrained memory, the historical remote compression path can be turned into a process abort in the old Unix `CryptoVec` code\n- the fixed code now rejects oversized agent frames early and hardens the underlying allocation paths\n\nWhat is not demonstrated:\n\n- practical code execution\n- a demonstrated integrity or confidentiality break",
  "id": "GHSA-g9f8-wqj9-fjw5",
  "modified": "2026-06-09T10:55:16Z",
  "published": "2026-05-21T20:49:07Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Eugeny/russh/security/advisories/GHSA-g9f8-wqj9-fjw5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Eugeny/russh"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0153.html"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0154.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Russh: Unchecked CryptoVec allocation and growth handling is reachable"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

rustsec-2026-0153

Vulnerability from osv_rustsec

CVE-2026-46673 (GCVE-0-2026-46673)

GHSA-G9F8-WQJ9-FJW5

Title

Summary

Details

PoC

Impact

Tags

Sightings

Nomenclature