Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh

GO-2026-5020 · CVE-2026-39834

Published May 22, 2026 · Modified May 27, 2026

Description

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.

References

REPORT https://go.dev/issue/79567
WEB https://groups.google.com/g/golang-announce/c/a082jnz-LvI
FIX https://go.dev/cl/781663

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes