When writing data larger than 4GB in a single Write
call on an SSH channel, an integer overflow in the
internal payload size calculation caused the write
loop to spin indefinitely, sending empty packets
without making progress. The size comparison now
uses int64 to prevent truncation.
Thanks to NCC Group Cryptography Services, sponsored by Teleport for reporting this issue.
This is CVE-2026-39834 and Go issue https://go.dev/issue/79567.
This was a PRIVATE track issue, tracked in http://b/502989042.
When writing data larger than 4GB in a single Write
call on an SSH channel, an integer overflow in the
internal payload size calculation caused the write
loop to spin indefinitely, sending empty packets
without making progress. The size comparison now
uses int64 to prevent truncation.
Thanks to NCC Group Cryptography Services, sponsored by Teleport for reporting this issue.
This is CVE-2026-39834 and Go issue https://go.dev/issue/79567.
This was a PRIVATE track issue, tracked in http://b/502989042.