RUSTSEC-2026-0153: Unchecked `CryptoVec` allocation and growth handling
high 1 affectedCryptoVec used unchecked capacity growth, unchecked length arithmetic, and
unsafe allocation and locking paths. In affected russh releases,
attacker-controlled input could reach these code paths through buffer resizing
operations.
Two affected reachability paths were identified:
-
Current
russhreleases (0.60.xbefore the fix) Local SSH agent peers could provide attacker-controlled frame lengths that were used to resize internal buffers before validation in:AgentClient::read_responseagent::server::Connection::run
-
Historical
russhreleases before0.58.0CryptoVecwas also used for non-secret transport and compression buffers, allowing remote SSH traffic to triggerCryptoVecgrowth through:- transport packet reads
- zlib decompression output
These remote paths were removed in 0.58.0 when CryptoVec stopped being used
for those buffers.
Under constrained memory conditions, historical russh versions prior to
0.58.0 can abort the process when remote compressed payload expansion causes
allocation failure in CryptoVec. This was reproduced through the compression
path and resulted in process termination in the Unix allocation/locking
implementation after null pointer allocation failure.
For current affected releases, oversized local SSH agent frame lengths could trigger untrusted-input-driven buffer growth prior to validation.
No practical remote code execution, integrity or confidentiality impact has been demonstrated.
Fixed by validating CryptoVec growth operations and rejecting oversized SSH agent frame lengths before buffer allocation.