CVE-2026-39834 - Go x/crypto ssh large channel write infinite loop

golang.org/x/crypto/ssh before 0.52.0 can enter an infinite loop when code writes more than 4GB in a single SSH channel Write call. An internal payload size calculation truncates incorrectly, causing empty packets to be emitted without progress.

This is a denial-of-service risk in applications that stream or proxy very large payloads over SSH channels.

When to use it

  • A repository builds Go SSH clients, servers, tunnels, backup tools, replication jobs, artifact movers, deploy systems, or remote execution agents.
  • SSH channels can carry large archives, images, logs, backups, replication streams, or artifact payloads from untrusted or semi-trusted sources.
  • Code uses Channel.Write, io.Copy, session pipes, buffering wrappers, or custom stream adapters that can issue very large single writes.
  • You need a bounded PR or triage note that upgrades x/crypto and bounds large SSH writes where repository-owned code can do so.

Inputs

  • Go modules, vendored trees, SSH transfer/proxy code, backup/replication paths, Dockerfiles, images, generated dependency reports, SBOMs, and runbooks.
  • Resolved golang.org/x/crypto versions, max payload assumptions, buffering behavior, chunking helpers, peer trust model, resource limits, and rollout owners.
  • Available go test, large-write boundary tests, builds, image builds, SBOM, and dependency/security scans.

Affected versions

  • Vulnerable: golang.org/x/crypto/ssh <0.52.0
  • Fixed: 0.52.0+
  • Affected surface: large buffered channel writes over SSH

Indicator-of-exposure

  • The repository resolves golang.org/x/crypto <0.52.0.
  • Code writes large archives, images, or stream buffers through SSH channels.
  • SSH is used for proxying, backup, replication, or artifact movement.

Quick checks:

rg -n "Channel\\.Write|Write\\(|io.Copy|ssh\\.NewClientConn|session\\.StdinPipe|session\\.StdoutPipe" .
go list -m all | rg "golang.org/x/crypto"

Windows:

rg -n "Channel\\.Write|Write\\(|io.Copy|ssh\\.NewClientConn|session\\.StdinPipe|session\\.StdoutPipe" .
go list -m all | rg "golang.org/x/crypto"

Remediation strategy

  • Upgrade golang.org/x/crypto to 0.52.0+.
  • Audit any path that can pass multi-gigabyte buffers in a single write call.
  • Prefer chunked streaming and bounded writes even after upgrading.

The prompt

Model context: this prompt was generated by GPT 5.5 Extra High reasoning.

You are remediating CVE-2026-39834 / GHSA-rm3j-f69w-wqmq in Go SSH code. A
single large channel write can trigger an infinite loop. Produce exactly one
output:

- A reviewer-ready PR/change request that upgrades `golang.org/x/crypto`,
  hardens large-write handling, adds regression tests, and documents operator
  follow-up, or
- TRIAGE.md if this repository does not control an affected SSH data path.

## Rules

- Scope only CVE-2026-39834 and directly related SSH write behavior.
- Do not generate multi-gigabyte stress traffic against shared systems.
- Do not auto-merge.

## Steps

1. Inventory every Go module and binary controlled here that embeds
   `golang.org/x/crypto/ssh`.
2. Confirm whether any resolved version is `<0.52.0`.
3. Trace large payload write paths over SSH channels.
4. If no affected path is controlled here, stop with `TRIAGE.md`.
5. Upgrade to `0.52.0+` and refresh module metadata and images.
6. Add safe regression coverage for large-write boundary behavior without
   requiring real 4GB transfers in production environments.
7. Prefer bounded chunking where repository-owned code currently issues unbounded
   channel writes.
8. Add a PR body section named `CVE-2026-39834 operator actions` covering
   versions before and after, affected transfer paths, and validation that
   passed.
9. Run available validation: `go test`, builds, and dependency/security scans.
10. Use PR title:
    `fix(sec): remediate Go SSH large-write infinite loop`.

Verification - what the reviewer looks for

  • No controlled binary resolves golang.org/x/crypto/ssh <0.52.0.
  • Large-write regression tests no longer spin indefinitely.
  • Repository-owned transfer code uses bounded chunking where practical.

Output contract

  • Reviewer-ready PR upgrading every controlled Go module, vendor tree, image, generated report, and SBOM to golang.org/x/crypto 0.52.0+.
  • Safe regression coverage for large-write boundary behavior without generating multi-gigabyte production traffic.
  • Bounded chunking or documented safe write paths for repository-owned SSH transfer code that can assemble giant buffers.
  • TRIAGE.md when SSH transfer runtime, vendored dependency, or deployment artifact control is outside this repository.

Watch for

  • Upgrading the dependency but leaving wrappers that still assemble giant single-write buffers.
  • Only testing tiny transfers that never hit the risky arithmetic path.

References