Intel

AIKIDO-2026-11024

golang.org/x/crypto is vulnerable to Denial Of Service (DoS)

Denial Of Service (DoS)CVE-2026-39829 Published Jun 2, 2026

75

High Risk

This Affects:

GOgolang.org/x/crypto
0.0.0 - 0.51.0
Fixed in 0.52.0
Are you affected? Scan for Free

TL;DR

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and if you use the golang.org/x/crypto/ssh functionalities.

Background info

golang.org/x/crypto is vulnerable to Denial Of Service (DoS) in versions 0.0.0 - 0.51.0.

How to fix this

Upgrade the golang.org/x/crypto library to the patch version.

Links

pkg.go.dev/vuln/GO-2026-5018
https://pkg.go.dev/vuln/GO-2026-5018
go.dev/cl/781641
https://go.dev/cl/781641
go.dev/cl/781661
https://go.dev/cl/781661
go.dev/issue/79565
https://go.dev/issue/79565
groups.google.com/g/golang-announce/c/a082jnz-LvI
https://groups.google.com/g/golang-announce/c/a082jnz-LvI
access.redhat.com/errata/RHSA-2026:26546
https://access.redhat.com/errata/RHSA-2026:26546
access.redhat.com/errata/RHSA-2026:26547
https://access.redhat.com/errata/RHSA-2026:26547
access.redhat.com/errata/RHSA-2026:29455
https://access.redhat.com/errata/RHSA-2026:29455
access.redhat.com/errata/RHSA-2026:35833
https://access.redhat.com/errata/RHSA-2026:35833
access.redhat.com/errata/RHSA-2026:36199
https://access.redhat.com/errata/RHSA-2026:36199
access.redhat.com/errata/RHSA-2026:36207
https://access.redhat.com/errata/RHSA-2026:36207
access.redhat.com/errata/RHSA-2026:36319
https://access.redhat.com/errata/RHSA-2026:36319
access.redhat.com/errata/RHSA-2026:36625
https://access.redhat.com/errata/RHSA-2026:36625
access.redhat.com/errata/RHSA-2026:36648
https://access.redhat.com/errata/RHSA-2026:36648
access.redhat.com/errata/RHSA-2026:36651
https://access.redhat.com/errata/RHSA-2026:36651
access.redhat.com/errata/RHSA-2026:36796
https://access.redhat.com/errata/RHSA-2026:36796
access.redhat.com/errata/RHSA-2026:36797
https://access.redhat.com/errata/RHSA-2026:36797
access.redhat.com/errata/RHSA-2026:36808
https://access.redhat.com/errata/RHSA-2026:36808
access.redhat.com/errata/RHSA-2026:36820
https://access.redhat.com/errata/RHSA-2026:36820
access.redhat.com/errata/RHSA-2026:36883
https://access.redhat.com/errata/RHSA-2026:36883
access.redhat.com/errata/RHSA-2026:37072
https://access.redhat.com/errata/RHSA-2026:37072
access.redhat.com/errata/RHSA-2026:37123
https://access.redhat.com/errata/RHSA-2026:37123
access.redhat.com/errata/RHSA-2026:37268
https://access.redhat.com/errata/RHSA-2026:37268
access.redhat.com/errata/RHSA-2026:37271
https://access.redhat.com/errata/RHSA-2026:37271
access.redhat.com/errata/RHSA-2026:37272
https://access.redhat.com/errata/RHSA-2026:37272
access.redhat.com/errata/RHSA-2026:37278
https://access.redhat.com/errata/RHSA-2026:37278
access.redhat.com/errata/RHSA-2026:37286
https://access.redhat.com/errata/RHSA-2026:37286
access.redhat.com/errata/RHSA-2026:37296
https://access.redhat.com/errata/RHSA-2026:37296
access.redhat.com/errata/RHSA-2026:37387
https://access.redhat.com/errata/RHSA-2026:37387
access.redhat.com/errata/RHSA-2026:40118
https://access.redhat.com/errata/RHSA-2026:40118
access.redhat.com/errata/RHSA-2026:40119
https://access.redhat.com/errata/RHSA-2026:40119
access.redhat.com/errata/RHSA-2026:40262
https://access.redhat.com/errata/RHSA-2026:40262
access.redhat.com/errata/RHSA-2026:40945
https://access.redhat.com/errata/RHSA-2026:40945
access.redhat.com/errata/RHSA-2026:40969
https://access.redhat.com/errata/RHSA-2026:40969
access.redhat.com/errata/RHSA-2026:40972
https://access.redhat.com/errata/RHSA-2026:40972
access.redhat.com/errata/RHSA-2026:40974
https://access.redhat.com/errata/RHSA-2026:40974
access.redhat.com/errata/RHSA-2026:41019
https://access.redhat.com/errata/RHSA-2026:41019
access.redhat.com/errata/RHSA-2026:41031
https://access.redhat.com/errata/RHSA-2026:41031
access.redhat.com/errata/RHSA-2026:41036
https://access.redhat.com/errata/RHSA-2026:41036
access.redhat.com/errata/RHSA-2026:41066
https://access.redhat.com/errata/RHSA-2026:41066
access.redhat.com/security/cve/CVE-2026-39829
https://access.redhat.com/security/cve/CVE-2026-39829
bugzilla.redhat.com/show_bug.cgi?id=2480681
https://bugzilla.redhat.com/show_bug.cgi?id=2480681
security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39829.json
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39829.json