CVE-2026-39830 - Go x/crypto ssh unsolicited response deadlock
golang.org/x/crypto/ssh before 0.52.0 can deadlock when a malicious peer
sends unsolicited global request responses. The responses fill an internal
buffer, block the read loop, and create a per-connection resource leak that
Close() cannot release.
This is a remote denial-of-service issue for SSH clients or servers that accept untrusted peers.
When to use it
- A repository builds Go binaries that import
golang.org/x/crypto/sshor embed SSH clients, servers, bastions, agents, scanners, tunnels, or connection pools. - SSH peers can be untrusted, semi-trusted, tenant-controlled, internet-facing, partner-operated, or generated by test/scanning automation.
- Long-lived SSH connections, pooled clients, forwarding, or server sessions could amplify stuck goroutines and leaked connections.
- You need a bounded PR or triage note that upgrades
x/cryptoand proves malformed peer responses cannot wedge connection teardown.
Inputs
- Go modules, vendored trees, generated dependency reports, SBOMs, Dockerfiles, images, SSH client/server code, connection pools, forwarding code, and runbooks.
- Resolved
golang.org/x/cryptoversions, peer-trust model, timeout/close behavior, resource limits, goroutine leak tests, and service exposure. - Available
go test, targeted SSH transport tests, race/leak tests, builds, image builds, SBOM, and dependency/security scans.
Affected versions
- Vulnerable:
golang.org/x/crypto/ssh <0.52.0 - Fixed:
0.52.0+ - Affected surface: SSH transport read-loop handling of peer responses
Indicator-of-exposure
- The repository resolves
golang.org/x/crypto <0.52.0. - Code opens SSH sessions to untrusted or semi-trusted peers.
- Long-lived connections or connection pools can amplify stuck goroutines.
Quick checks:
rg -n "ssh\\.Dial|NewClientConn|NewServerConn|HandleChannelOpen|DiscardRequests|Close\\(" .
go list -m all | rg "golang.org/x/crypto"
Windows:
rg -n "ssh\\.Dial|NewClientConn|NewServerConn|HandleChannelOpen|DiscardRequests|Close\\(" .
go list -m all | rg "golang.org/x/crypto"
Remediation strategy
- Upgrade
golang.org/x/cryptoto0.52.0+. - Review connection lifecycle handling and peer trust assumptions.
- Add regression tests that verify unsolicited global responses are discarded and cannot wedge connection teardown.
The prompt
Model context: this prompt was generated by GPT 5.5 Extra High reasoning.
You are remediating CVE-2026-39830 / GHSA-vgwf-h737-ff37 in Go SSH code.
Unexpected global responses can deadlock the read loop and leak connections.
Produce exactly one output:
- A reviewer-ready PR/change request that upgrades `golang.org/x/crypto`,
adds deadlock regression tests, and documents operator follow-up, or
- TRIAGE.md if this repository does not control an affected SSH peer path.
## Rules
- Scope only CVE-2026-39830 and directly related SSH transport handling.
- Do not attack shared SSH services to prove exposure.
- Do not auto-merge.
## Steps
1. Inventory every Go module and binary controlled here that embeds
`golang.org/x/crypto/ssh`.
2. Confirm whether any resolved version is `<0.52.0`.
3. Trace connection handling for untrusted peers and long-lived sessions.
4. If no affected path is controlled here, stop with `TRIAGE.md`.
5. Upgrade to `0.52.0+` and refresh module metadata and images.
6. Add regression tests proving unsolicited global responses are discarded and
connections can still close cleanly.
7. Add a PR body section named `CVE-2026-39830 operator actions` covering
versions before and after, affected connection paths, and validation that
passed.
8. Run available validation: `go test`, builds, and dependency/security scans.
9. Use PR title:
`fix(sec): remediate Go SSH unsolicited-response deadlock`.
Verification - what the reviewer looks for
- No controlled binary resolves
golang.org/x/crypto/ssh <0.52.0. - Regression tests show malformed peer responses do not wedge the read loop.
- Connection teardown remains reliable after invalid input.
Output contract
- Reviewer-ready PR upgrading every controlled Go module, vendor tree, image,
generated report, and SBOM to
golang.org/x/crypto 0.52.0+. - Regression coverage or documented safe test plan proving unsolicited global responses are discarded and connections close cleanly without live SSH attacks.
- Operator notes identifying affected SSH client/server paths, long-lived connection pools, rollout targets, and any remaining dependency owners.
TRIAGE.mdwhen SSH runtime ownership, vendored dependency, or deployment artifact control is outside this repository.
Watch for
- Only patching one binary while another long-lived SSH service vendors the old package.
- Ignoring connection-pool exhaustion risk from per-connection leaks.
Related recipes
- Go x/crypto ssh FIDO presence bypass
- Go x/crypto ssh agent forwarded constraint loss
- CVE intelligence intake gate
References
- GitHub Advisory: https://github.com/advisories/GHSA-vgwf-h737-ff37
- Go issue: https://go.dev/issue/79564
- Go fixes: https://go.dev/cl/781640, https://go.dev/cl/781664
- Go vuln entry: https://pkg.go.dev/vuln/GO-2026-5017