CVE-2026-39829
Description
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
CVE-2026-39829 NameCVE-2026-39829 DescriptionThe RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192โฆ
CVE-2026-39829
| Name | CVE-2026-39829 |
| Description | The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 1137516 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| golang-go.crypto (PTS) | bullseye | 1:0.0~git20201221.eec23a3-1 | vulnerable |
| bookworm | 1:0.4.0-1 | vulnerable | |
| trixie | 1:0.25.0-1 | vulnerable | |
| forky, sid | 1:0.52.0-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| golang-go.crypto | source | (unstable) | 1:0.52.0-1 | 1137516 |
Notes
[bullseye] - golang-go.crypto <postponed> (Limited support, follow bookworm DSAs/point-releases)
https://www.openwall.com/lists/oss-security/2026/05/22/6
https://github.com/golang/go/issues/79565
Apply commands
[bullseye] - golang-go.crypto <postponed> (Limited support, follow bookworm DSAs/point-releases)https://www.openwall.com/lists/oss-security/2026/05/22/6https://github.com/golang/go/issues/79565OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
Windows Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
Debian Mixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Affected | โ |
| sid | Fixed | 1:0.52.0-1 |
| forky | Fixed | 1:0.52.0-1 |
| bullseye | Affected | โ |
| bookworm | Affected | โ |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | golang.org/x/crypto | <0.52.0 | 0.52.0 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| golang | crypto | {"endExcluding":"0.52.0"} | 0.52.0 |
References
- https://go.dev/cl/781641
- https://go.dev/cl/781661
- https://go.dev/issue/79565
- https://groups.google.com/g/golang-announce/c/a082jnz-LvI
- https://pkg.go.dev/vuln/GO-2026-5018
- https://security-tracker.debian.org/tracker/CVE-2026-39829
- https://www.suse.com/security/cve/CVE-2026-39829.html
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-39829
CWEs
CWE-347
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.