CVE-2026-39830
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The bl
CVSS
9.1
Crítico
EPSS
0.5%
p41
KEV
—
Exploit Today
12
0-100
Publicado: 22 may 2026 · Última mod.: 16 jul 2026 · CWE-119 · CWE-772
0.5%EPSS · 30 días0.5%
2026-06-302026-07-16
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.
- go.devhttps://go.dev/cl/781640
- go.devhttps://go.dev/cl/781664
- go.devhttps://go.dev/issue/79564
- groups.google.comhttps://groups.google.com/g/golang-announce/c/a082jnz-LvI
- pkg.go.devhttps://pkg.go.dev/vuln/GO-2026-5017
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:29455
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:35833
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36199
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36207
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36319
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36625
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36648
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36651
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36796
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36797
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36808
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:37072
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:37268
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:37271
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:37272
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-312778.8 ALT71.0%
KEV—71Apple Multiple Products Buffer Overflow Vulnerability2dCVE-2005-445910.0 SIN96.2%
——29Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.9dCVE-2011-40454.3 SIN88.5%
——27Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document.8dCVE-2025-434338.8 ALT62.4%
——19The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption.2dCVE-2025-432146.5 MED57.6%
——17The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.2dCVE-2025-434414.3 MED55.9%
——17The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.2d