CVE-2024-43410: Russh has an OOM Denial of Service due to allocation of untrusted amount

August 14, 2024 (updated August 21, 2024)

Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server.

References

github.com/Eugeny/russh
github.com/Eugeny/russh/commit/f660ea3f64b86d11d19e33076012069f02431e55
github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg
github.com/advisories/GHSA-vgvv-x7xg-6cqg
nvd.nist.gov/vuln/detail/CVE-2024-43410

Detect and mitigate CVE-2024-43410 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →