NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-39829

Summary	The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.
Publication Date	May 22, 2026, 1:16 p.m.
Registration Date	May 23, 2026, 4:08 a.m.
Last Update	May 22, 2026, 1:16 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://go.dev/cl/781641	security@golang.org
2	https://go.dev/cl/781661	security@golang.org
3	https://go.dev/issue/79565	security@golang.org
4	https://groups.google.com/g/golang-announce/c/a082jnz-LvI	security@golang.org
5	https://pkg.go.dev/vuln/GO-2026-5018	security@golang.org

Common Vulnerabilities List