RUSTSEC-2026-0154: Unbounded 32-bit allocation
high 1 affected
Both the SSH agent server and client accepted peer-controlled frame lengths without enforcing a maximum frame size. This could cause large memory allocations while parsing a maliciously crafted agent frame.
A malicious peer could advertise an oversized frame length, causing the client or server to attempt a large memory allocation before validating the frame, potentially leading to memory exhaustion or process termination.
This is fixed by enforcing a maximum agent frame size of 256 KiB and rejecting oversized frames before buffer allocation.
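The check described above, as an added example that is not russh's own code: a reader for length-prefixed agent frames (4-byte big-endian length, then payload) that validates the advertised length before allocating. The names `read_agent_frame`, `FrameError` and `sample_frame` are hypothetical, and treating the 256 KiB cap as inclusive and a zero-length frame as malformed are assumptions.

```rust
use std::io::{Cursor, Read};

/// Cap from the advisory's fix: 256 KiB (treated as inclusive here, an assumption).
pub const MAX_AGENT_FRAME_LEN: usize = 256 * 1024;

#[derive(Debug, PartialEq)]
pub enum FrameError {
    TooLarge(usize), // advertised length exceeds the cap
    Empty,           // no message-type byte (assumed malformed)
    Truncated,       // stream ended before the advertised length
}

/// Read one frame. The peer-controlled length is checked against the cap
/// before any buffer is sized from it, so an oversized header costs 4 bytes.
pub fn read_agent_frame<R: Read>(r: &mut R) -> Result<Vec<u8>, FrameError> {
    let mut len_buf = [0u8; 4];
    r.read_exact(&mut len_buf).map_err(|_| FrameError::Truncated)?;
    let len = u32::from_be_bytes(len_buf) as usize;
    if len == 0 {
        return Err(FrameError::Empty);
    }
    if len > MAX_AGENT_FRAME_LEN {
        return Err(FrameError::TooLarge(len));
    }
    // Allocation happens only after validation.
    let mut payload = vec![0u8; len];
    r.read_exact(&mut payload).map_err(|_| FrameError::Truncated)?;
    Ok(payload)
}

/// Constructed sample input: a header claiming `claimed` bytes, followed by `body`.
pub fn sample_frame(claimed: u32, body: &[u8]) -> Vec<u8> {
    let mut v = claimed.to_be_bytes().to_vec();
    v.extend_from_slice(body);
    v
}

fn main() {
    // One-byte request (11 = SSH_AGENTC_REQUEST_IDENTITIES).
    let ok = sample_frame(1, &[11]);
    println!("{:?}", read_agent_frame(&mut Cursor::new(ok)));
    // Header advertising u32::MAX bytes with no payload behind it.
    let oversized = sample_frame(u32::MAX, &[]);
    println!("{:?}", read_agent_frame(&mut Cursor::new(oversized)));
}
```

Without the `len > MAX_AGENT_FRAME_LEN` branch, the second call would try to allocate close to 4 GiB from a 4-byte header.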
Affected Packages
librust-russh-dev 0.57.1-2 (affected)