RUSTSEC-2026-0153
Unchecked `CryptoVec` allocation and growth handling
Details
`CryptoVec` used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In affected `russh` releases, attacker-controlled input could reach these code paths through buffer resizing operations.
Two affected reachability paths were identified:
* **Current `russh` releases (`0.60.x` before the fix):** Local SSH agent peers could provide attacker-controlled frame lengths that were used to resize internal buffers before validation in:
  * `AgentClient::read_response`
  * `agent::server::Connection::run`
* **Historical `russh` releases before `0.58.0`:** `CryptoVec` was also used for non-secret transport and compression buffers, allowing remote SSH traffic to trigger `CryptoVec` growth through:
  * transport packet reads
  * zlib decompression output
These remote paths were removed in `0.58.0` when `CryptoVec` stopped being used for those buffers.
Under constrained memory conditions, historical `russh` versions prior to `0.58.0` can abort the process when remote compressed payload expansion causes allocation failure in `CryptoVec`. This was reproduced through the compression path: the process terminated in the Unix allocation/locking implementation after the allocation failed and returned a null pointer.
For current affected releases, oversized local SSH agent frame lengths could trigger untrusted-input-driven buffer growth prior to validation.
No practical remote code execution, integrity or confidentiality impact has been demonstrated.
Fixed by validating `CryptoVec` growth operations and rejecting oversized SSH agent frame lengths before buffer allocation.
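The pattern behind that fix, as an added example that is not code from `russh` or from this advisory: a reader for a length-prefixed agent frame that checks the peer-supplied length against a cap and reserves memory fallibly before resizing. The names `read_agent_frame`, `FrameError` and `MAX_AGENT_FRAME_LEN`, and the cap's value, are assumptions made for the example, and a plain `Vec<u8>` stands in for `CryptoVec`.

```rust
use std::io::{self, Read};

/// Hypothetical cap chosen for this example; not the value russh uses.
const MAX_AGENT_FRAME_LEN: usize = 256 * 1024;

#[derive(Debug)]
enum FrameError {
    Io(io::Error),
    TooLarge(usize),
    Alloc,
}

/// Read one frame: a 4-byte big-endian length followed by that many bytes.
fn read_agent_frame<R: Read>(r: &mut R) -> Result<Vec<u8>, FrameError> {
    let mut len_buf = [0u8; 4];
    r.read_exact(&mut len_buf).map_err(FrameError::Io)?;
    let len = u32::from_be_bytes(len_buf) as usize;

    // Validate the peer-supplied length before any buffer is resized.
    if len > MAX_AGENT_FRAME_LEN {
        return Err(FrameError::TooLarge(len));
    }

    // Fallible reservation: an allocation failure becomes an error value
    // instead of aborting the process.
    let mut body = Vec::new();
    body.try_reserve_exact(len).map_err(|_| FrameError::Alloc)?;
    body.resize(len, 0);
    r.read_exact(&mut body).map_err(FrameError::Io)?;
    Ok(body)
}

fn main() {
    // Constructed sample frames: one well-formed, one with an oversized length.
    let ok = [0u8, 0, 0, 3, 11, 22, 33];
    println!("{:?}", read_agent_frame(&mut &ok[..]));
    let huge = [0xffu8, 0xff, 0xff, 0xff];
    println!("{:?}", read_agent_frame(&mut &huge[..]));
}
```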
Affected packages
0.0.0-0 Fixed in: 0.60.3 Upgrade russh-cryptovec to 0.60.3 or newer (ecosystem crates.io).