Back to search
CVE-2026-39829
Published: May 22, 2026
Modified: May 22, 2026
PUBLISHED
Description
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.
| Vendor | Product | Versions |
|---|---|---|
golang.org/x/crypto | golang.org/x/crypto/ssh | affected 0 - < 0.52.0 |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now