Skip to main content

golang.org/x/crypto/ssh EUVDEUVD-2026-31400

| CVE-2026-39834 CRITICAL
Integer Overflow or Wraparound (CWE-190)
2026-05-22 Go GHSA-rm3j-f69w-wqmq
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
SUSE
CRITICAL
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 28, 2026 - 15:07 vuln.today
CVSS changed
May 28, 2026 - 15:07 NVD
9.1 (None) 9.1 (CRITICAL)
Patch available
May 22, 2026 - 04:31 EUVD
CVE Published
May 22, 2026 - 02:31 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.

AnalysisAI

Denial of service in the Go golang.org/x/crypto/ssh package (versions prior to 0.52.0) occurs when an application writes more than 4GB of data in a single Write call on an SSH channel, triggering an integer overflow in the internal payload size calculation that causes the write loop to spin indefinitely while emitting empty packets. The flaw affects any Go application using this SSH library for large data transfers and is patched upstream with a release in version 0.52.0; no public exploit identified at time of analysis and EPSS probability is very low at 0.02%.

Technical ContextAI

The golang.org/x/crypto/ssh package is Go's official extended-library implementation of the SSH protocol, widely used in Go-based SSH clients, servers, SFTP tools, and Kubernetes-adjacent tooling. The root cause is a CWE-190 integer overflow in payload size arithmetic: when comparing the remaining bytes to write against the maximum SSH packet payload, the calculation used a narrower (likely int or int32) type that wraps when input exceeds 2^31 / 4GB. As a result, the size comparison incorrectly concludes there is nothing left to send, but the outer loop never terminates, repeatedly transmitting zero-length packets. The vendor fix promotes the comparison to int64, preserving the true byte count and allowing the loop to drain correctly.

RemediationAI

Upgrade golang.org/x/crypto to version 0.52.0 or later (Vendor-released patch: 0.52.0) by running 'go get golang.org/x/crypto@v0.52.0' and rebuilding all affected binaries, as referenced in the upstream change https://go.dev/cl/781663 and tracking issue https://go.dev/issue/79567. Because Go programs statically embed dependencies, every binary using the SSH package must be individually rebuilt and redeployed - checking with 'govulncheck' will surface vulnerable callers. As an interim workaround until binaries can be rebuilt, application-level code can chunk SSH channel writes into segments well below 4GB (for example, 1GB or smaller), which avoids the overflow at the cost of a small amount of extra loop overhead in the calling code and requires changes wherever bulk writes occur.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
openSUSE Leap 16.0 Fixed
openSUSE Tumbleweed Fixed
SLES15-SP6-CHOST-BYOS-GCE Fixed
SLES15-SP7-CHOST-BYOS-GCE Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed

Share

EUVD-2026-31400 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy