GHSA-ch3q-cw5r-f4hg: ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation

The SSH protocol parser trusted attacker-controlled length and count fields without first checking that the declared values fit within the containing packet.

When a client connects to a malicious or compromised SSH server, the server can send a small, malformed packet containing an inner field whose declared length is much larger than the packet itself. The Kaitai Struct Java runtime attempts to allocate a byte array using the declared length before it discovers that the input is truncated. A sufficiently large value can therefore cause excessive memory allocation or an uncaught OutOfMemoryError, potentially terminating the application process that uses the library.

Applications that enable SSH agent forwarding have an additional attack path: the connected server can send malformed agent protocol messages containing the same class of oversized inner length.