Bug 2480681 (CVE-2026-39829) - CVE-2026-39829 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters
Keywords:
Status: NEW
Alias: CVE-2026-39829
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2490029 2490030 2490031 2490032 2490033 2490034 2490035 2490036 2490037 2490038 2490041 2490042 2490043 2490044 2490045 2490047 2490048 2490049 2490050 2490051 2490052 2490053 2490054 2490055 2490057 2490058 2490059 2490060 2490064 2490065 2490066 2490067 2490068 2490069 2490070 2490071 2490072 2490073 2490074 2490075 2490076 2490077 2490078 2490079 2490080 2490081 2490082 2490083 2490084 2490085 2490086 2490087 2490088 2490089 2490090 2490091 2490092 2490093 2490094 2490095 2490096 2490097 2490098 2490100 2490101 2490103 2490104 2490105 2490106 2490107 2490108 2490109 2490110 2490111 2490112 2490113 2490114 2490115 2490116 2490117 2490120 2490121 2490122 2490123 2490124 2490039 2490040 2490046 2490056 2490061 2490062 2490063 2490099 2490102
Blocks:
Reported: 2026-05-22 04:01 UTC by OSIDB Bzimport
Modified: 2026-06-19 08:54 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-05-22 04:01:52 UTC
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.
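
An added example, not code from this bug or from the golang.org/x/crypto/ssh fix: a standard-library pre-check that reads an "ssh-rsa" key blob in the RFC 4253 wire layout and rejects a modulus above the 8192-bit limit named in the description. The names `readField`, `CheckRSABlob` and `SampleBlob` are hypothetical, and the sample blobs are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

// readField consumes one SSH string/mpint: uint32 big-endian length, then bytes.
func readField(b []byte) (val, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, errors.New("truncated field")
	}
	end := 4 + int(binary.BigEndian.Uint32(b))
	return b[4:end], b[end:], nil
}

// CheckRSABlob returns the modulus size in bits of an "ssh-rsa" blob (string, mpint e, mpint n).
func CheckRSABlob(blob []byte) (int, error) {
	const maxBits = 8192 // limit stated in the bug description
	algo, rest, err := readField(blob)
	if err != nil || string(algo) != "ssh-rsa" {
		return 0, errors.New("not an ssh-rsa key blob")
	}
	_, rest, _ = readField(rest) // skip e; on error rest is nil and the next read fails
	n, rest, err := readField(rest)
	if err != nil || len(rest) != 0 || (len(n) > 0 && n[0]&0x80 != 0) {
		return 0, errors.New("malformed or negative modulus")
	}
	size := new(big.Int).SetBytes(n).BitLen()
	if size > maxBits {
		return size, fmt.Errorf("modulus is %d bits, limit is %d", size, maxBits)
	}
	return size, nil
}

// SampleBlob builds constructed input: e=65537, n=2^(nbits-1), nbits a multiple of 8.
func SampleBlob(nbits int) (out []byte) {
	n := append([]byte{0, 0x80}, make([]byte, nbits/8-1)...)
	for _, f := range [][]byte{[]byte("ssh-rsa"), {1, 0, 1}, n} {
		out = append(binary.BigEndian.AppendUint32(out, uint32(len(f))), f...)
	}
	return out
}

func main() {
	fmt.Println(CheckRSABlob(SampleBlob(2048)))
	fmt.Println(CheckRSABlob(SampleBlob(8200)))
}
```

The check costs one pass over the blob, so it can run on a key offered by an unauthenticated client before any signature verification is attempted.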

