6.5

CVE-2026-39827

Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for garbage collection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GolangCrypto SwPlatformgo Version < 0.52.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.094
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

https://go.dev/issue/35127
Issue Tracking
https://go.dev/cl/781320
Issue Tracking
https://groups.google.com/g/golang-announce/c/a082jnz-LvI
Mailing List
https://pkg.go.dev/vuln/GO-2026-5016
Vendor Advisory