CVE-2026-39829: CWE-1176: Inefficient CPU Computation in golang.org/x/crypto golang.org/x/crypto/ssh
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.
AI Analysis
Technical Summary
The golang.org/x/crypto/ssh package contained a vulnerability (CVE-2026-39829) due to lack of enforcement of size limits on RSA and DSA public key parameters. Attackers could supply crafted public keys with very large moduli or DSA parameters, causing inefficient CPU computation that could last several minutes during signature verification. This vulnerability affects the public key authentication process and can be triggered without authentication. The remediation involves imposing an 8192-bit limit on RSA moduli and validating DSA parameters per FIPS 186-2.
Potential Impact
An attacker can cause significant CPU resource consumption on a server using the vulnerable golang.org/x/crypto/ssh package by sending crafted public keys with oversized parameters during authentication. This results in a denial-of-service condition due to inefficient computation. There is no indication of code execution or data compromise from the provided data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. The description notes that RSA moduli are now limited to 8192 bits and DSA parameters validated per FIPS 186-2, indicating a fix is planned or implemented. Until an official patch is confirmed, monitor vendor advisories for updates and consider limiting exposure to unauthenticated public key authentication attempts if possible.
CVE-2026-39829: CWE-1176: Inefficient CPU Computation in golang.org/x/crypto golang.org/x/crypto/ssh
Description
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The golang.org/x/crypto/ssh package contained a vulnerability (CVE-2026-39829) due to lack of enforcement of size limits on RSA and DSA public key parameters. Attackers could supply crafted public keys with very large moduli or DSA parameters, causing inefficient CPU computation that could last several minutes during signature verification. This vulnerability affects the public key authentication process and can be triggered without authentication. The remediation involves imposing an 8192-bit limit on RSA moduli and validating DSA parameters per FIPS 186-2.
Potential Impact
An attacker can cause significant CPU resource consumption on a server using the vulnerable golang.org/x/crypto/ssh package by sending crafted public keys with oversized parameters during authentication. This results in a denial-of-service condition due to inefficient computation. There is no indication of code execution or data compromise from the provided data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. The description notes that RSA moduli are now limited to 8192 bits and DSA parameters validated per FIPS 186-2, indicating a fix is planned or implemented. Until an official patch is confirmed, monitor vendor advisories for updates and consider limiting exposure to unauthenticated public key authentication attempts if possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Go
- Date Reserved
- 2026-04-07T18:13:03.528Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0fcdabe1370fbb487d5002
Added to database: 5/22/2026, 3:29:47 AM
Last enriched: 5/22/2026, 3:45:38 AM
Last updated: 5/23/2026, 4:59:00 PM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.