Bug 2480681 (CVE-2026-39829)

Summary: CVE-2026-39829 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
QA Contact:
Severity: high
Docs Contact:
Priority: high
Version: unspecified
CC: aazores, akoudelk, alcohan, amctagga, anjoseph, aoconnor, bdettelb, bniver, cmah, crizzo, dakwon, dhanak, dkeler, doconnor, drosa, dsimansk, dymurray, eaguilar, ebaron, eborisov, eglynn, fdeutsch, flucifre, gmeno, gparvin, groman, jaharrin, jbalunas, jburrell, jeder, jjoyce, jkoehler, jmatthew, jolong, jprabhak, jpretori, jschluet, kingland, kverlaen, lball, lbragsta, lgamliel, lhh, lphiri, manissin, mbenjamin, mburns, mgarciac, mhackett, mnovotny, ngough, oramraz, pahickey, pjindal, rekumar, rfreiman, rhaigner, rhel-process-autobot, rjohnson, sausingh, sbratsla, sdawley, smullick, sostapov, stirabos, suppawar, thason, vereddy, veshanka, vkarehfa, vvoronko, watson-tool-maintainers, wenshen, whayutin, wtam, xiyuan
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2490029, 2490030, 2490031, 2490032, 2490034, 2490035, 2490036, 2490037, 2490038, 2490041, 2490042, 2490043, 2490044, 2490045, 2490047, 2490048, 2490050, 2490051, 2490052, 2490053, 2490054, 2490055, 2490057, 2490058, 2490059, 2490060, 2490064, 2490065, 2490066, 2490068, 2490069, 2490070, 2490071, 2490073, 2490074, 2490075, 2490076, 2490077, 2490078, 2490079, 2490080, 2490081, 2490082, 2490084, 2490085, 2490086, 2490087, 2490088, 2490089, 2490090, 2490092, 2490093, 2490094, 2490095, 2490096, 2490097, 2490098, 2490101, 2490103, 2490104, 2490105, 2490106, 2490107, 2490108, 2490109, 2490110, 2490111, 2490112, 2490113, 2490114, 2490115, 2490116, 2490120, 2490121, 2490122, 2490123, 2490124, 2490033, 2490039, 2490040, 2490046, 2490049, 2490056, 2490061, 2490062, 2490063, 2490067, 2490072, 2490083, 2490091, 2490099, 2490100, 2490102, 2490117    
Bug Blocks:    

Description OSIDB Bzimport 2026-05-22 04:01:52 UTC
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.
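
As an added example (not code from this bug record or from golang.org/x/crypto/ssh itself), the following Go program parses SSH wire-format ssh-rsa and ssh-dss public key blobs using only the standard library and applies the limits the description names before any arithmetic is done on the parameters: an 8192-bit ceiling on the RSA modulus, and the FIPS 186-2 sizes for DSA (p of 512 to 1024 bits in steps of 64, q of 160 bits). The function names, the wire-format helpers and the sample keys are this example's own assumptions; the point is that a parser rejects an oversized key on its bit length, so no CPU is spent verifying a signature against it.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

// maxRSAModulusBits is the ceiling the description gives for RSA moduli.
const maxRSAModulusBits = 8192

// readString reads one SSH "string": a big-endian uint32 length, then bytes.
func readString(buf []byte) (field, rest []byte, err error) {
	if len(buf) < 4 {
		return nil, nil, errors.New("short length prefix")
	}
	n := binary.BigEndian.Uint32(buf)
	buf = buf[4:]
	if uint64(n) > uint64(len(buf)) {
		return nil, nil, errors.New("field length exceeds buffer")
	}
	return buf[:n], buf[n:], nil
}

// readMpint reads one SSH "mpint" as a non-negative big.Int.
func readMpint(buf []byte) (*big.Int, []byte, error) {
	field, rest, err := readString(buf)
	if err != nil {
		return nil, nil, err
	}
	if len(field) > 0 && field[0]&0x80 != 0 {
		return nil, nil, errors.New("negative mpint")
	}
	return new(big.Int).SetBytes(field), rest, nil
}

// CheckPublicKeyBlob parses a public key blob and enforces parameter size
// limits on the parsed values. It returns the key type name on success.
func CheckPublicKeyBlob(blob []byte) (string, error) {
	algo, rest, err := readString(blob)
	if err != nil {
		return "", err
	}
	name := string(algo)
	switch name {
	case "ssh-rsa":
		var n *big.Int
		if _, rest, err = readMpint(rest); err != nil { // public exponent e
			return "", err
		}
		if n, rest, err = readMpint(rest); err != nil { // modulus n
			return "", err
		}
		if bits := n.BitLen(); bits > maxRSAModulusBits {
			return "", fmt.Errorf("ssh-rsa: modulus is %d bits, limit is %d", bits, maxRSAModulusBits)
		}
	case "ssh-dss":
		var p, q *big.Int
		if p, rest, err = readMpint(rest); err != nil {
			return "", err
		}
		if q, rest, err = readMpint(rest); err != nil {
			return "", err
		}
		if _, rest, err = readMpint(rest); err != nil { // generator g
			return "", err
		}
		if _, rest, err = readMpint(rest); err != nil { // public value y
			return "", err
		}
		l, nb := p.BitLen(), q.BitLen()
		if l < 512 || l > 1024 || l%64 != 0 {
			return "", fmt.Errorf("ssh-dss: p is %d bits, FIPS 186-2 requires 512..1024 in steps of 64", l)
		}
		if nb != 160 {
			return "", fmt.Errorf("ssh-dss: q is %d bits, FIPS 186-2 requires 160", nb)
		}
	default:
		return "", fmt.Errorf("unsupported key type %q", name)
	}
	if len(rest) != 0 {
		return "", errors.New("trailing bytes after key blob")
	}
	return name, nil
}

// BuildBlob assembles a wire-format blob from a type name and mpint parameters.
// It exists only to construct the sample keys used below.
func BuildBlob(algo string, params ...*big.Int) []byte {
	var l [4]byte
	put := func(out, field []byte) []byte {
		binary.BigEndian.PutUint32(l[:], uint32(len(field)))
		return append(append(out, l[:]...), field...)
	}
	out := put(nil, []byte(algo))
	for _, x := range params {
		b := x.Bytes()
		if len(b) > 0 && b[0]&0x80 != 0 {
			b = append([]byte{0}, b...) // keep the mpint non-negative
		}
		out = put(out, b)
	}
	return out
}

func main() {
	one := big.NewInt(1)
	// Constructed samples: a 2048-bit modulus and a 16384-bit one.
	samples := map[string][]byte{
		"rsa-2048":  BuildBlob("ssh-rsa", big.NewInt(65537), new(big.Int).Lsh(one, 2047)),
		"rsa-16384": BuildBlob("ssh-rsa", big.NewInt(65537), new(big.Int).Lsh(one, 16383)),
		"dsa-1024":  BuildBlob("ssh-dss", new(big.Int).Lsh(one, 1023), new(big.Int).Lsh(one, 159), big.NewInt(2), big.NewInt(3)),
		"dsa-4096":  BuildBlob("ssh-dss", new(big.Int).Lsh(one, 4095), new(big.Int).Lsh(one, 159), big.NewInt(2), big.NewInt(3)),
	}
	for label, blob := range samples {
		kt, err := CheckPublicKeyBlob(blob)
		fmt.Printf("%-10s type=%q err=%v\n", label, kt, err)
	}
}
```

The size check is deliberately placed on the parsed integers, before any `rsa.PublicKey` or `dsa.PublicKey` is built, because the cost the description warns about is incurred during signature verification, not during parsing.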

Comment 2 errata-xmlrpc 2026-06-24 23:49:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:29455 https://access.redhat.com/errata/RHSA-2026:29455