Home

Description

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.

PUBLISHED Reserved 2026-04-07 | Published 2026-05-22 | Updated 2026-05-22 | Assigner Go

Problem types

CWE-190: Integer Overflow or Wraparound

Product status

Default status
unaffected

Any version before 0.52.0
affected

Credits

NCC Group Cryptography Services, sponsored by Teleport

References

go.dev/issue/79567

groups.google.com/g/golang-announce/c/a082jnz-LvI

go.dev/cl/781663

pkg.go.dev/vuln/GO-2026-5020

cve.org (CVE-2026-39834)

nvd.nist.gov (CVE-2026-39834)

Download JSON