Russh has an OOM Denial of Service due to allocation of untrusted amount
Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server.
Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.
Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality.