close
Skip to content

net: panic in Dial and LookupPort when handling NUL byte on Windows (fix CVE-2026-39836) #79006

Closed
Closed
net: panic in Dial and LookupPort when handling NUL byte on Windows (fix CVE-2026-39836)#79006
Labels
NeedsFixThe path to resolution is known, but the work has not been done.Securityrelease-blockervulncheck or vulndbIssues for the x/vuln or x/vulndb repo
@thatnealpatel

Description

@thatnealpatel
thatnealpatel
opened on Apr 29, 2026

The Dial and LookupPort functions would panic on Windows when provided
with an input containing a NUL (0). These functions now return an error
rather than panicking.

This is CVE-2026-39836 and Go issue https://go.dev/issue/79006.

This was a PRIVATE track issue, tracked in http://b/502138517.

Metadata

Metadata

Assignees

No one assigned

    Labels

    NeedsFixThe path to resolution is known, but the work has not been done.Securityrelease-blockervulncheck or vulndbIssues for the x/vuln or x/vulndb repo

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions