N/A - CVE-2025-54804

Executive Summary

Informations
Name	CVE-2025-54804	First vendor Publication	2025-08-05
Vendor	Cve	Last vendor Modification	2025-08-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an internal state value. This can result in a integer overflow. If the Rust code is compiled with overflow checks, it will panic. A malicious client can crash a server. This is fixed in version 0.54.1.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54804

CPE : Common Platform Enumeration

Type	Description	Count
Application	Russh Project Russh cpe:2.3:a:russh_project:russh:0.37.0:-::::rust::* cpe:2.3:a:russh_project:russh:0.37.0:beta1::::rust::* cpe:2.3:a:russh_project:russh::::::rust::*	3
Application	Warpgate Project Warpgate cpe:2.3:a:warpgate_project:warpgate:0.7.2:::::::* cpe:2.3:a:warpgate_project:warpgate::::::::	2

Sources (Detail)

https://github.com/Eugeny/russh/commit/0eb5e406780890e21ff71dd25d731b30676478e5
https://github.com/Eugeny/russh/security/advisories/GHSA-h5rc-j5f5-3gcm

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2025-08-18 17:20:28	Multiple Updates
2025-08-06 02:39:09	Multiple Updates
2025-08-06 02:38:55	Multiple Updates
2025-08-05 21:20:37	Multiple Updates
2025-08-05 09:20:37	First insertion