Alon Barad alon710

@alon710
alon710 / CVE-2026-53462.md
Created June 26, 2026 16:41
CVE-2026-53462: Heap Use-After-Free Vulnerability in ImageMagick Vector Drawing Subsystem - CVE Security Report

CVSS Score: 5.9 | Published: 2026-06-26 | Full Report: https://cvereports.com/reports/CVE-2026-53462

Summary

CVE-2026-53462 is a heap Use-After-Free (UAF) vulnerability in ImageMagick's vector drawing subsystem, specifically within the coordinate allocation mechanism in CheckPrimitiveExtent. By parsing a crafted vector image (such as SVG or MVG) with extremely complex primitives, an attacker can trigger a memory reallocation failure. If the application fails to handle this allocation failure cleanly, it leaves a dangling pointer that can subsequently be accessed or freed again, causing memory corruption or an application crash.

TL;DR

@alon710
alon710 / CVE-2026-39832.md
Created June 26, 2026 14:11
CVE-2026-39832: Silent Drop of Destination Constraints in golang.org/x/crypto SSH Agent Client - CVE Security Report

CVSS Score: 9.1 | Published: 2026-06-25 | Full Report: https://cvereports.com/reports/CVE-2026-39832

Summary

A critical security flaw was identified in the Go package golang.org/x/crypto/ssh/agent. The vulnerability arises during the serialization of key constraints when adding SSH identities to a remote agent or an in-memory keyring. Specifically, custom constraint extensions, such as destination restrictions like restrict-destination-v00@openssh.com, were silently omitted from serialization in client requests. This omission allowed keys to be loaded into the remote agent with zero destination-based restrictions, enabling unauthorized users with access to the agent socket on intermediate hosts to authenticate to any downstream host without policy enforcement. The issue was resolved in version v0.52.0 of the golang.org/x/crypto library.

TL;DR

@alon710
alon710 / CVE-2026-46597.md
Created June 26, 2026 13:41
CVE-2026-46597: Remote Denial of Service in golang.org/x/crypto/ssh via AES-GCM Padding Integer Overflow - CVE Security Report

CVSS Score: 7.5 | Published: 2026-06-25 | Full Report: https://cvereports.com/reports/CVE-2026-46597

Summary

A high-severity Denial of Service (DoS) vulnerability (CVE-2026-46597 / GO-2026-5013) exists in the golang.org/x/crypto/ssh module before version v0.52.0. The flaw stems from an incorrect operator order during a type conversion of the GCM packet padding size, allowing a remote, unauthenticated attacker to trigger an out-of-bounds slice runtime panic and crash the Go process.

TL;DR

@alon710
alon710 / CVE-2026-39828.md
Created June 26, 2026 09:51
CVE-2026-39828: Go SSH Server PartialSuccessError Permissions Discard Bypass - CVE Security Report

CVSS Score: 6.3 | Published: 2026-06-25 | Full Report: https://cvereports.com/reports/CVE-2026-39828

Summary

A critical security bypass vulnerability was discovered in the Go SSH server implementation within the golang.org/x/crypto/ssh package. When an SSH server authentication callback returned a PartialSuccessError alongside non-nil Permissions, the server silently discarded these permissions before the subsequent authentication step. Consequently, once the user completed the second-factor authentication, the session-level restrictions were dropped, granting the client unauthorized capabilities.

TL;DR

@alon710
alon710 / CVE-2026-39828.md
Created June 26, 2026 09:42
CVE-2026-39828: Go SSH Server PartialSuccessError Permissions Discard Bypass - CVE Security Report

CVSS Score: 6.3 | Published: 2026-06-25 | Full Report: https://cvereports.com/reports/CVE-2026-39828

Summary

A critical security bypass vulnerability was discovered in the Go SSH server implementation within the golang.org/x/crypto/ssh package. When an SSH server authentication callback returned a PartialSuccessError alongside non-nil Permissions, the server silently discarded these permissions before the subsequent authentication step. Consequently, once the user completed the second-factor authentication, the session-level restrictions were dropped, granting the client unauthorized capabilities.

TL;DR

@alon710
alon710 / CVE-2026-39835.md
Created June 26, 2026 08:41
CVE-2026-39835: Remote Denial of Service via Null Pointer Dereference in Go SSH CertChecker - CVE Security Report

CVSS Score: 5.3 | Published: 2026-06-25 | Full Report: https://cvereports.com/reports/CVE-2026-39835

Summary

A Denial of Service (DoS) vulnerability exists in the Go SSH implementation package (golang.org/x/crypto/ssh). It is caused by a null pointer dereference (a runtime panic) that occurs when CertChecker is used as a public key callback while its validation fields, IsUserAuthority or IsHostAuthority, are uninitialized.

TL;DR

@alon710
alon710 / CVE-2026-39827.md
Created June 26, 2026 08:21
CVE-2026-39827: Denial of Service via Unbounded Memory Growth in Go SSH (golang.org/x/crypto/ssh) - CVE Security Report

CVSS Score: 6.5 | Published: 2026-06-25 | Full Report: https://cvereports.com/reports/CVE-2026-39827

Summary

An unbounded memory leak vulnerability in the Go SSH package (golang.org/x/crypto/ssh) allows authenticated users to crash the server by repeatedly requesting connection channels that are rejected, leading to system resource exhaustion.

TL;DR

@alon710
alon710 / CVE-2026-39830.md
Created June 26, 2026 07:42
CVE-2026-39830: Unsolicited Response Channel Deadlock and Resource Leak in golang.org/x/crypto/ssh - CVE Security Report

CVSS Score: 9.1 | Published: 2026-06-25 | Full Report: https://cvereports.com/reports/CVE-2026-39830

Summary

A denial-of-service (DoS) and resource leak vulnerability in the Go SSH package (golang.org/x/crypto/ssh) allows a malicious peer to permanently deadlock connection processing loops and leak memory. This issue stems from improper handling of unsolicited responses at the global and channel layers, which saturate internal bounded channel buffers and block the main multiplexer loop. The vulnerability is fully resolved in version 0.52.0.

TL;DR

@alon710
alon710 / CVE-2026-39829.md
Created June 26, 2026 05:41
CVE-2026-39829: Denial of Service in Go SSH Parser - CVE Security Report

CVSS Score: 7.5 | Published: 2026-06-25 | Full Report: https://cvereports.com/reports/CVE-2026-39829

Summary

A high-severity Denial of Service (DoS) vulnerability exists in the golang.org/x/crypto/ssh package prior to version 0.52.0. The vulnerability is caused by a lack of size and range validation on incoming RSA and DSA public key parameters during SSH authentication. An unauthenticated attacker can submit a crafted public key with pathologically large parameters, triggering intensive CPU computation during signature verification and leading to a complete Denial of Service.

TL;DR