Go SSH Channel Integer Overflow Vulnerability Leading to Infinite Write Loop

Vulnerability

An integer overflow vulnerability has been identified in the Go programming language's SSH channel implementation, specifically in the 'golang.org/x/crypto' package, prior to version 0.52.0. When data larger than 4GB is written in a single call, the overflow in the payload size calculation causes the write operation to enter an infinite loop. This loop sends empty packets without making any progress, effectively stalling the operation. The issue has been addressed by modifying the size comparison to use int64, preventing the truncation that led to the overflow.
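The truncation and the widened comparison can be seen in a small model. This is an added example, not code from 'golang.org/x/crypto': the function names, the 32768-byte payload limit and the stall limit are assumptions, and lengths are carried as int64 so a write above 4GB is simulated without allocating the buffer.

```go
package main

import "fmt"

// Simplified model of a chunked channel write; hypothetical names, not x/crypto code.
// Lengths are int64 so a >4GB write is simulated without allocating the buffer.

// chunkTruncating narrows the remaining length to uint32 before comparing.
func chunkTruncating(maxPayload uint32, remaining int64) uint32 {
	if maxPayload < uint32(remaining) { // a multiple of 1<<32 truncates to 0
		return maxPayload
	}
	return uint32(remaining)
}

// chunkWide compares in int64, so nothing is truncated before the decision.
func chunkWide(maxPayload uint32, remaining int64) uint32 {
	if int64(maxPayload) < remaining {
		return maxPayload
	}
	return uint32(remaining) // safe: remaining <= maxPayload here
}

// simulateWrite "sends" total bytes in packets sized by chunk. It gives up after
// stallLimit consecutive empty packets; the loop it models would spin forever.
func simulateWrite(total int64, maxPayload uint32, chunk func(uint32, int64) uint32, stallLimit int) (sent int64, empty int, stalled bool) {
	for remaining := total; remaining > 0; {
		n := int64(chunk(maxPayload, remaining))
		if n == 0 {
			empty++
			if empty >= stallLimit {
				return sent, empty, true
			}
			continue
		}
		empty = 0
		sent += n
		remaining -= n
	}
	return sent, empty, false
}

func main() {
	const total, maxPayload = int64(1)<<32 + 5, uint32(32768) // constructed sizes
	for name, f := range map[string]func(uint32, int64) uint32{"truncating": chunkTruncating, "wide": chunkWide} {
		sent, empty, stalled := simulateWrite(total, maxPayload, f, 1000)
		fmt.Printf("%-10s sent=%d emptyPackets=%d stalled=%v\n", name, sent, empty, stalled)
	}
}
```

In the truncating variant the loop makes progress only until the remaining length reaches a multiple of 2^32, after which every packet is empty; a run of zero-length data packets on a channel is the observable symptom.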

Impact

Exploitation of this vulnerability causes an infinite loop in the write process, disrupting normal SSH channel operations by sending empty packets without progress, which can lead to a denial-of-service condition on the affected channel.

Reproduction

To reproduce this vulnerability, write more than 4GB to an SSH channel in a single call. The channel will enter an infinite loop, sending empty packets without completing the write.

Remediation

Users should update to version 0.52.0 or later of the 'golang.org/x/crypto' package.

Added: May 22, 2026, 4:24 AM
Updated: May 22, 2026, 4:24 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.4
remediation: 0.0
relevance: 8.7
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.