CVE-2025-47914 | THREATINT

Description

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

PUBLISHED Reserved 2025-05-13 | Published 2025-11-19 | Updated 2025-11-20 | Assigner Go

Problem types

CWE-237

Product status

Default status

unaffected

Any version before 0.45.0

affected

Credits

Jakub Ciolek

References

groups.google.com/g/golang-announce/c/w-oX3UxNcZA

go.dev/cl/721960

go.dev/issue/76364

pkg.go.dev/vuln/GO-2025-4135

cve.org (CVE-2025-47914)

nvd.nist.gov (CVE-2025-47914)

Download JSON