Thanks to visit codestin.com
Credit goes to github.com

Skip to content

x/crypto/ssh/agent: pathological inputs can lead to client panic #79596

Description

@thatnealpatel

For certain crafted inputs, a ed25519.PrivateKey was
created by casting malformed wire bytes, leading to a
panic when used.

Thanks to NCC Group Cryptography Services, sponsored by Teleport for reporting this issue.

This is CVE-2026-46598 and Go issue https://go.dev/issue/79596.


This was a PUBLIC track issue, tracked in http://b/515398597.

Metadata

Metadata

Assignees

No one assigned

    Labels

    NeedsFixThe path to resolution is known, but the work has not been done.Securityrelease-blocker

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions