2 matches found
GHSA-Q4H4-GMJ2-QVW2 golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic
An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...
CVE-2026-46597
CVE-2026-46597 describes an incorrectly placed cast from bytes to int that can cause a server-side panic in the AES-GCM packet decoder when processing crafted inputs. The entry lists high availability impact with network-based exploitability and no privileges required, but the provided documents ...