ssh/agent/server.go's parseRSAKey, parseDSAKey, parseRSACert, and
parseDSACert accept attacker-controlled RSA modulus N and DSA P/Q/G
parameters of arbitrary size from incoming SSH_AGENTC_ADD_IDENTITY /
SSH2_AGENTC_ADD_ID_CONSTRAINED protocol messages. parseRSAKey then
calls rsa.PrivateKey.Precompute() and parseDSAKey constructs a
dsa.PrivateKey usable for subsequent operations. With a 16384-bit
modulus, each ADD_IDENTITY packet costs roughly 250 ms of CPU on the
agent process (vs. 0.9 ms for a 2048-bit modulus on the same hardware),
yielding a 250x amplification per packet and leaving the local
ssh-agent unresponsive under a small packet stream.

The agent module is the building block used by every Go-based
ssh-agent implementation: HashiCorp Vault SSH backend, smallstep
step-ssh, custom corporate agents, and downstream
applications calling agent.NewServer / agent.ServeAgent. The threat
model below explains how a malicious remote SSH server reaches this
parser via standard agent forwarding (ssh -A).
This was originally reported as http://b/516745408 and deemed to be not a security issue.
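
One way to bound the RSA case before Precompute() is reached, as an added example that is not code from x/crypto or from this report; the same kind of limit would apply to the DSA P/Q/G fields. The names checkRSAModulus, readField, sampleBody and the 8192-bit maxRSABits limit are assumptions, and the sample bodies are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

const maxRSABits = 8192 // assumed policy limit, not a value from x/crypto

// readField pops one length-prefixed SSH field (string or mpint) from b.
func readField(b []byte) (field, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, errors.New("truncated field")
	}
	n := uint64(binary.BigEndian.Uint32(b))
	return b[4 : 4+n], b[4+n:], nil
}

// checkRSAModulus reads "string keytype, mpint n" from the body that follows
// the message-type byte and rejects an oversized n before Precompute() runs.
func checkRSAModulus(body []byte) (int, error) {
	kt, rest, err := readField(body)
	if err != nil || string(kt) != "ssh-rsa" {
		return 0, errors.New("not an ssh-rsa key body")
	}
	n, _, err := readField(rest)
	if err != nil {
		return 0, err
	}
	nbits := new(big.Int).SetBytes(n).BitLen()
	if nbits == 0 || nbits > maxRSABits {
		return nbits, fmt.Errorf("modulus is %d bits, allowed 1..%d", nbits, maxRSABits)
	}
	return nbits, nil
}

// sampleBody builds a constructed body whose modulus is exactly nbits long.
func sampleBody(nbits uint) []byte {
	n := append([]byte{0}, new(big.Int).Lsh(big.NewInt(1), nbits-1).Bytes()...)
	out := append([]byte{0, 0, 0, 7}, "ssh-rsa"...)
	out = binary.BigEndian.AppendUint32(out, uint32(len(n)))
	return append(out, n...)
}

func main() {
	fmt.Println(checkRSAModulus(sampleBody(2048)))
	fmt.Println(checkRSAModulus(sampleBody(16384)))
}
```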