CVE-2026-39829
Modified Modified - Updated After Analysis

RSA Public Key Parsing Denial of Service via Large Modulus

Vulnerability report for CVE-2026-39829, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-22

Last updated on: 2026-07-01

Assigner: Go Project

Description

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-22
Last Modified
2026-07-01
Generated
2026-07-02
AI Q&A
2026-05-22
EPSS Evaluated
2026-06-30
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
golang crypto to 0.52.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
CWE-347 The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability involves the RSA and DSA public key parsers in Go, which did not enforce size limits on key parameters.

An attacker can craft a public key with an excessively large modulus or DSA parameter, causing the signature verification process to consume several minutes of CPU time.

This excessive CPU consumption can be triggered by unauthenticated clients during public key authentication.

To mitigate this, RSA moduli are now limited to 8192 bits, and DSA parameters are validated according to FIPS 186-2 standards.

Impact Analysis

This vulnerability can lead to a denial-of-service (DoS) condition by causing excessive CPU consumption during signature verification.

Unauthenticated clients can exploit this by sending crafted public keys with large parameters, which can slow down or disrupt services relying on public key authentication.

Mitigation Strategies

To mitigate this vulnerability, ensure that you are using the latest version of the golang.org/x/crypto package, specifically version v0.52.0 or later, where the issue has been fixed.

The fix enforces size limits on RSA moduli (limited to 8192 bits) and validates DSA parameters according to FIPS 186-2 standards, preventing crafted public keys with excessively large parameters from causing excessive CPU consumption.

Updating your Go environment and any dependent packages that use the affected SSH functions (such as Dial, NewClientConn, ParseAuthorizedKey) will help prevent denial-of-service attacks triggered by unauthenticated clients during public key authentication.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

The vulnerability involves crafted RSA or DSA public keys with excessively large parameters causing high CPU consumption during signature verification. Detection would involve monitoring for unusually high CPU usage during public key authentication attempts, especially from unauthenticated clients.

Since the vulnerability is triggered by public key authentication using malformed keys, one approach is to analyze SSH authentication logs for repeated or suspicious public key authentication attempts that coincide with CPU spikes.

Specific commands to detect this vulnerability are not provided in the available resources.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39829. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart