Russh is missing an overflow check during channel windows adjust

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Description

Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an internal state value. This can result in a integer overflow. If the Rust code is compiled with overflow checks, it will panic. A malicious client can crash a server. This is fixed in version 0.54.1.

Basic Information

ID CVE-2025-54804

Source GitHub_M

Published Aug 5, 2025 at 00:05

Modified Aug 5, 2025 at 14:44

Affected Product

Vendor Eugeny

Product russh

Version < 0.54.1

Affected Versions Eugeny russh < 0.54.1

CWE Classification

CWE-190

References

{
    "lastseen": "",
    "description": "Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an internal state value. This can result in a integer overflow. If the Rust code is compiled with overflow checks, it will panic. A malicious client can crash a server. This is fixed in version 0.54.1.",
    "published": "2025-08-05T00:05:20.971Z",
    "modified": "2025-08-05T14:44:05.415Z",
    "type": "cve",
    "title": "Russh is missing an overflow check during channel windows adjust",
    "source": "GitHub_M",
    "references": "https://github.com/Eugeny/russh/security/advisories/GHSA-h5rc-j5f5-3gcm\nhttps://github.com/Eugeny/russh/commit/0eb5e406780890e21ff71dd25d731b30676478e5",
    "id": "CVE-2025-54804",
    "bulletinFamily": "",
    "cwe": [
        "CWE-190"
    ],
    "cvelist": null,
    "sourceData": "Eugeny russh < 0.54.1",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "russh",
    "version": "< 0.54.1",
    "vendor": "Eugeny",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Russh is missing an overflow check during channel windows adjust_CVE-2025-54804