CVE-2026-46597
Server-Side Panic in Go AES-GCM Packet Decoder
Publication date: 2026-05-22
Last updated on: 2026-05-22
Assigner: Go Project
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| golang | crypto | to 0.52.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves an incorrectly placed cast from bytes to int in the AES-GCM packet decoder used in the Go programming language's crypto package. Specifically, this flaw exists in the SSH implementation where certain functions like Dial, NewClientConn, and NewServerConn are affected. The incorrect cast can cause a byte arithmetic underflow, which leads to a server-side panic when processing specially crafted inputs.
How can this vulnerability impact me? :
The vulnerability can cause a server-side panic, which means that an attacker could send specially crafted inputs to the affected Go crypto SSH services and cause them to crash or become unavailable. This can lead to denial of service conditions, disrupting normal operations and potentially affecting the availability of services relying on these cryptographic functions.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability causes a server-side panic in the AES-GCM packet decoder when processing well-crafted inputs due to an incorrectly placed cast from bytes to int.
Detection could involve monitoring server logs for panic events related to the AES-GCM packet decoder or the golang.org/x/crypto/ssh package, especially in functions like Dial, NewClientConn, and NewServerConn.
Since the issue triggers a panic on malformed inputs, you could attempt to reproduce the panic by sending crafted packets to the affected SSH services and observe if the server crashes or logs panic stack traces.
No specific commands or detection scripts are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is due to an incorrectly placed cast causing server-side panic in the AES-GCM packet decoder of golang.org/x/crypto/ssh versions before v0.52.0.
Immediate mitigation steps include updating the golang.org/x/crypto/ssh package to version v0.52.0 or later, where the issue has been fixed.
If updating is not immediately possible, consider restricting or filtering inputs to the affected SSH services to prevent well-crafted malicious packets that could trigger the panic.
Monitor your systems for unexpected server panics and crashes related to SSH connections and apply patches as soon as they become available.