CVE-2026-39834 - Go x/crypto ssh large channel write infinite loop
golang.org/x/crypto/ssh before 0.52.0 can enter an infinite loop when code
writes more than 4GB in a single SSH channel Write call. An internal payload
size calculation truncates incorrectly, causing empty packets to be emitted
without progress.
This is a denial-of-service risk in applications that stream or proxy very large payloads over SSH channels.
When to use it
- A repository builds Go SSH clients, servers, tunnels, backup tools, replication jobs, artifact movers, deploy systems, or remote execution agents.
- SSH channels can carry large archives, images, logs, backups, replication streams, or artifact payloads from untrusted or semi-trusted sources.
- Code uses
Channel.Write,io.Copy, session pipes, buffering wrappers, or custom stream adapters that can issue very large single writes. - You need a bounded PR or triage note that upgrades
x/cryptoand bounds large SSH writes where repository-owned code can do so.
Inputs
- Go modules, vendored trees, SSH transfer/proxy code, backup/replication paths, Dockerfiles, images, generated dependency reports, SBOMs, and runbooks.
- Resolved
golang.org/x/cryptoversions, max payload assumptions, buffering behavior, chunking helpers, peer trust model, resource limits, and rollout owners. - Available
go test, large-write boundary tests, builds, image builds, SBOM, and dependency/security scans.
Affected versions
- Vulnerable:
golang.org/x/crypto/ssh <0.52.0 - Fixed:
0.52.0+ - Affected surface: large buffered channel writes over SSH
Indicator-of-exposure
- The repository resolves
golang.org/x/crypto <0.52.0. - Code writes large archives, images, or stream buffers through SSH channels.
- SSH is used for proxying, backup, replication, or artifact movement.
Quick checks:
rg -n "Channel\\.Write|Write\\(|io.Copy|ssh\\.NewClientConn|session\\.StdinPipe|session\\.StdoutPipe" .
go list -m all | rg "golang.org/x/crypto"
Windows:
rg -n "Channel\\.Write|Write\\(|io.Copy|ssh\\.NewClientConn|session\\.StdinPipe|session\\.StdoutPipe" .
go list -m all | rg "golang.org/x/crypto"
Remediation strategy
- Upgrade
golang.org/x/cryptoto0.52.0+. - Audit any path that can pass multi-gigabyte buffers in a single write call.
- Prefer chunked streaming and bounded writes even after upgrading.
The prompt
Model context: this prompt was generated by GPT 5.5 Extra High reasoning.
You are remediating CVE-2026-39834 / GHSA-rm3j-f69w-wqmq in Go SSH code. A
single large channel write can trigger an infinite loop. Produce exactly one
output:
- A reviewer-ready PR/change request that upgrades `golang.org/x/crypto`,
hardens large-write handling, adds regression tests, and documents operator
follow-up, or
- TRIAGE.md if this repository does not control an affected SSH data path.
## Rules
- Scope only CVE-2026-39834 and directly related SSH write behavior.
- Do not generate multi-gigabyte stress traffic against shared systems.
- Do not auto-merge.
## Steps
1. Inventory every Go module and binary controlled here that embeds
`golang.org/x/crypto/ssh`.
2. Confirm whether any resolved version is `<0.52.0`.
3. Trace large payload write paths over SSH channels.
4. If no affected path is controlled here, stop with `TRIAGE.md`.
5. Upgrade to `0.52.0+` and refresh module metadata and images.
6. Add safe regression coverage for large-write boundary behavior without
requiring real 4GB transfers in production environments.
7. Prefer bounded chunking where repository-owned code currently issues unbounded
channel writes.
8. Add a PR body section named `CVE-2026-39834 operator actions` covering
versions before and after, affected transfer paths, and validation that
passed.
9. Run available validation: `go test`, builds, and dependency/security scans.
10. Use PR title:
`fix(sec): remediate Go SSH large-write infinite loop`.
Verification - what the reviewer looks for
- No controlled binary resolves
golang.org/x/crypto/ssh <0.52.0. - Large-write regression tests no longer spin indefinitely.
- Repository-owned transfer code uses bounded chunking where practical.
Output contract
- Reviewer-ready PR upgrading every controlled Go module, vendor tree, image,
generated report, and SBOM to
golang.org/x/crypto 0.52.0+. - Safe regression coverage for large-write boundary behavior without generating multi-gigabyte production traffic.
- Bounded chunking or documented safe write paths for repository-owned SSH transfer code that can assemble giant buffers.
TRIAGE.mdwhen SSH transfer runtime, vendored dependency, or deployment artifact control is outside this repository.
Watch for
- Upgrading the dependency but leaving wrappers that still assemble giant single-write buffers.
- Only testing tiny transfers that never hit the risky arithmetic path.
Related recipes
- Go x/crypto ssh unsolicited response deadlock
- Go x/crypto ssh agent forwarded constraint loss
- CVE intelligence intake gate
References
- GitHub Advisory: https://github.com/advisories/GHSA-rm3j-f69w-wqmq
- Go issue: https://go.dev/issue/79567
- Go fix: https://go.dev/cl/781663
- Go vuln entry: https://pkg.go.dev/vuln/GO-2026-5020