Description
An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.
Published: 2026-05-22
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An incorrectly placed cast from bytes to int in the AES‑GCM packet decoder of golang.org/x/crypto/ssh causes an arithmetic underflow that results in a server‑side panic. The flaw does not directly expose data or grant privileges, but it can crash the service, leading to an availability loss. The vulnerability stems from improper type conversion and integer underflow.

Affected Systems

The affected component is golang.org/x/crypto/ssh from the Golang crypto library. No specific version range is supplied in the advisory, so the issue likely affects all releases before the fix referenced in the issue tracker.

Risk and Exploitability

Based on the description, it is inferred that a remote attacker who can send data to a vulnerable SSH server could craft malformed AES‑GCM packets that trigger the underflow and panic. The CVSS score is 7.5, indicating a high severity flaw. The EPSS score is <1% and the vulnerability is not listed in CISA KEV, so no public evidence of exploitation exists at this time. The attack can be performed without authentication, depending on the server’s readiness to process inbound packets.

Generated by OpenCVE AI on May 28, 2026 at 15:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade golang.org/x/crypto to a patched version that eliminates the incorrect cast and subsequent underflow.
  • If an immediate upgrade is not possible, monitor for sudden crashes or restart events on the SSH server and block or queue suspicious packets until a patch can be applied.
  • Verify that the patched library does not affect other cryptographic functionality before deployment.

Generated by OpenCVE AI on May 28, 2026 at 15:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Golang crypto
Weaknesses CWE-704
CPEs cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:*
Vendors & Products Golang crypto

Fri, 22 May 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190

Fri, 22 May 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-680
CWE-704

Fri, 22 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 22 May 2026 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Golang
Golang ssh
Vendors & Products Golang
Golang ssh

Fri, 22 May 2026 04:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-680
CWE-704

Fri, 22 May 2026 03:30:00 +0000

Type Values Removed Values Added
Description An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.
Title Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
References

Subscriptions

Golang Crypto Ssh
cve-icon MITRE

Status: PUBLISHED

Assigner: Go

Published:

Updated: 2026-05-22T14:08:27.674Z

Reserved: 2026-05-15T17:35:00.813Z

Link: CVE-2026-46597

cve-icon Vulnrichment

Updated: 2026-05-22T14:07:37.911Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-22T04:16:26.003

Modified: 2026-05-28T14:44:17.637

Link: CVE-2026-46597

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T15:30:05Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound

  • CWE-704

    Incorrect Type Conversion or Cast