An incorrectly placed cast from bytes to int
allowed for server-side panic in the AES-GCM
packet decoder for well-crafted inputs.
Thanks to Maciej Kawka for reporting this issue.
This is CVE-2026-46597 and Go issue https://go.dev/issue/79561.
This was a PRIVATE track issue, tracked in http://b/504678385.
An incorrectly placed cast from bytes to int
allowed for server-side panic in the AES-GCM
packet decoder for well-crafted inputs.
Thanks to Maciej Kawka for reporting this issue.
This is CVE-2026-46597 and Go issue https://go.dev/issue/79561.
This was a PRIVATE track issue, tracked in http://b/504678385.