CVE-2025-47914 in golang.org/x/crypto/ssh/agent_CVE-2025-47914

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Description

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Basic Information

ID CVE-2025-47914

Source Go

Published Nov 19, 2025 at 20:33

Modified Nov 19, 2025 at 20:50

Affected Product

Vendor golang.org/x/crypto

Product golang.org/x/crypto/ssh/agent

CWE Classification

CWE-125

References

{
    "lastseen": "",
    "description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
    "published": "2025-11-19T20:33:43.126Z",
    "modified": "2025-11-19T20:50:30.968Z",
    "type": "cve",
    "title": "CVE-2025-47914 in golang.org/x/crypto/ssh/agent",
    "source": "Go",
    "references": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA\nhttps://go.dev/cl/721960\nhttps://go.dev/issue/76364\nhttps://pkg.go.dev/vuln/GO-2025-4135",
    "id": "CVE-2025-47914",
    "bulletinFamily": "",
    "cwe": [
        "CWE-125"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "golang.org/x/crypto/ssh/agent",
    "version": "",
    "vendor": "golang.org/x/crypto",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}