Memory-Allocation

Russh versions up to 0.60.2 are vulnerable to a memory-safety hardening issue due to unchecked `CryptoVec` allocation and growth handling, reachable from local agent inputs and remote SSH traffic, potentially triggering a process abort under constrained memory conditions.

go-zserio versions prior to 0.9.1 are vulnerable to unbounded memory allocation when deserializing data, potentially leading to denial of service.

A crafted payload can force memory allocations of up to 16 GB, leading to a denial-of-service condition in applications using the Zserio serialization framework, including those within the automotive Navigation Data Standard (NDS).

The rust-zserio package is vulnerable to unbounded memory allocation when deserializing arrays, strings, or bytes (blob) types, allowing an attacker to cause a denial-of-service by providing a crafted data file with a large size value.