The RSA and DSA public key parsers did not enforce size
limits on key parameters. A crafted public key with an
excessively large modulus or DSA parameter could cause
several minutes of CPU consumption during signature
verification. This could be triggered by unauthenticated
clients during public key authentication. RSA moduli are
now limited to 8192 bits, and DSA parameters are validated
per FIPS 186-2.
Thanks to NCC Group Cryptography Services, sponsored by Teleport, for reporting this issue.
This is CVE-2026-39829 and Go issue https://go.dev/issue/79565.
This was a PRIVATE track issue, tracked in http://b/502994717.
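
The RSA half of the limit described above, as an added example (not the x/crypto/ssh code or the actual fix): it parses an `ssh-rsa` key blob in the RFC 4253 wire layout and refuses a modulus over 8192 bits before any verification arithmetic can run. `CheckRSABlob`, `readField` and `putField` are hypothetical names, and the sample key is constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

const maxRSAModulusBits = 8192 // limit stated in the advisory

// readField splits off one length-prefixed field (RFC 4251 string or mpint).
func readField(b []byte) (field, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, errors.New("truncated or overlong field")
	}
	end := 4 + uint64(binary.BigEndian.Uint32(b))
	return b[4:end], b[end:], nil
}

// putField (hypothetical helper) encodes one field for the constructed input.
func putField(v []byte) []byte {
	out := make([]byte, 4, 4+len(v))
	binary.BigEndian.PutUint32(out, uint32(len(v)))
	return append(out, v...)
}

// CheckRSABlob parses an "ssh-rsa" blob (string name, mpint e, mpint n) and
// rejects an oversized modulus before any signature arithmetic can run.
func CheckRSABlob(blob []byte) (bits int, err error) {
	var f [3][]byte // algorithm name, exponent e, modulus n
	for i := range f {
		if f[i], blob, err = readField(blob); err != nil {
			return 0, err
		}
	}
	if string(f[0]) != "ssh-rsa" || len(blob) != 0 {
		return 0, errors.New("not a well-formed ssh-rsa blob")
	}
	if bits = new(big.Int).SetBytes(f[2]).BitLen(); bits > maxRSAModulusBits {
		return bits, fmt.Errorf("modulus is %d bits, limit is %d", bits, maxRSAModulusBits)
	}
	return bits, nil
}

func main() {
	n := new(big.Int).Lsh(big.NewInt(1), 16383) // constructed 16384-bit value
	blob := append(putField([]byte("ssh-rsa")), putField([]byte{1, 0, 1})...)
	fmt.Println(CheckRSABlob(append(blob, putField(n.Bytes())...)))
}
```

The DSA parameter validation mentioned in the advisory is not covered by this sketch.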