CVE-2026-39830 - Go x/crypto ssh unsolicited response deadlock

golang.org/x/crypto/ssh before 0.52.0 can deadlock when a malicious peer sends unsolicited global request responses. The responses fill an internal buffer, block the read loop, and create a per-connection resource leak that Close() cannot release.

This is a remote denial-of-service issue for SSH clients or servers that accept untrusted peers.

When to use it

  • A repository builds Go binaries that import golang.org/x/crypto/ssh or embed SSH clients, servers, bastions, agents, scanners, tunnels, or connection pools.
  • SSH peers can be untrusted, semi-trusted, tenant-controlled, internet-facing, partner-operated, or generated by test/scanning automation.
  • Long-lived SSH connections, pooled clients, forwarding, or server sessions could amplify stuck goroutines and leaked connections.
  • You need a bounded PR or triage note that upgrades x/crypto and proves malformed peer responses cannot wedge connection teardown.

Inputs

  • Go modules, vendored trees, generated dependency reports, SBOMs, Dockerfiles, images, SSH client/server code, connection pools, forwarding code, and runbooks.
  • Resolved golang.org/x/crypto versions, peer-trust model, timeout/close behavior, resource limits, goroutine leak tests, and service exposure.
  • Available go test, targeted SSH transport tests, race/leak tests, builds, image builds, SBOM, and dependency/security scans.

Affected versions

  • Vulnerable: golang.org/x/crypto/ssh <0.52.0
  • Fixed: 0.52.0+
  • Affected surface: SSH transport read-loop handling of peer responses

Indicator-of-exposure

  • The repository resolves golang.org/x/crypto <0.52.0.
  • Code opens SSH sessions to untrusted or semi-trusted peers.
  • Long-lived connections or connection pools can amplify stuck goroutines.

Quick checks:

rg -n "ssh\\.Dial|NewClientConn|NewServerConn|HandleChannelOpen|DiscardRequests|Close\\(" .
go list -m all | rg "golang.org/x/crypto"

Windows:

rg -n "ssh\\.Dial|NewClientConn|NewServerConn|HandleChannelOpen|DiscardRequests|Close\\(" .
go list -m all | rg "golang.org/x/crypto"

Remediation strategy

  • Upgrade golang.org/x/crypto to 0.52.0+.
  • Review connection lifecycle handling and peer trust assumptions.
  • Add regression tests that verify unsolicited global responses are discarded and cannot wedge connection teardown.

The prompt

Model context: this prompt was generated by GPT 5.5 Extra High reasoning.

You are remediating CVE-2026-39830 / GHSA-vgwf-h737-ff37 in Go SSH code.
Unexpected global responses can deadlock the read loop and leak connections.
Produce exactly one output:

- A reviewer-ready PR/change request that upgrades `golang.org/x/crypto`,
  adds deadlock regression tests, and documents operator follow-up, or
- TRIAGE.md if this repository does not control an affected SSH peer path.

## Rules

- Scope only CVE-2026-39830 and directly related SSH transport handling.
- Do not attack shared SSH services to prove exposure.
- Do not auto-merge.

## Steps

1. Inventory every Go module and binary controlled here that embeds
   `golang.org/x/crypto/ssh`.
2. Confirm whether any resolved version is `<0.52.0`.
3. Trace connection handling for untrusted peers and long-lived sessions.
4. If no affected path is controlled here, stop with `TRIAGE.md`.
5. Upgrade to `0.52.0+` and refresh module metadata and images.
6. Add regression tests proving unsolicited global responses are discarded and
   connections can still close cleanly.
7. Add a PR body section named `CVE-2026-39830 operator actions` covering
   versions before and after, affected connection paths, and validation that
   passed.
8. Run available validation: `go test`, builds, and dependency/security scans.
9. Use PR title:
   `fix(sec): remediate Go SSH unsolicited-response deadlock`.

Verification - what the reviewer looks for

  • No controlled binary resolves golang.org/x/crypto/ssh <0.52.0.
  • Regression tests show malformed peer responses do not wedge the read loop.
  • Connection teardown remains reliable after invalid input.

Output contract

  • Reviewer-ready PR upgrading every controlled Go module, vendor tree, image, generated report, and SBOM to golang.org/x/crypto 0.52.0+.
  • Regression coverage or documented safe test plan proving unsolicited global responses are discarded and connections close cleanly without live SSH attacks.
  • Operator notes identifying affected SSH client/server paths, long-lived connection pools, rollout targets, and any remaining dependency owners.
  • TRIAGE.md when SSH runtime ownership, vendored dependency, or deployment artifact control is outside this repository.

Watch for

  • Only patching one binary while another long-lived SSH service vendors the old package.
  • Ignoring connection-pool exhaustion risk from per-connection leaks.

References