CVE Catalog

CVE-2026-39834

Critical
Published: Translated: NVD NIST

Summary

CVE-2026-39834 is a vulnerability related to an integer overflow that occurs when writing data larger than 4GB in a single Write call on an SSH channel. This error causes the write loop to spin indefinitely, sending empty packets without making progress.

Risk Assessment

Organizations may experience performance issues and process blocking related to data writing, potentially leading to system downtime.

Recommendation

It is recommended to update the software to apply the fix that changes the size comparison to int64, preventing truncation.

Original NVD description (English source)

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS