Bug 2414943 (CVE-2025-47913)
| Summary: | CVE-2025-47913 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | alcohan, amctagga, anjoseph, aoconnor, bbrownin, bdettelb, bniver, carogers, dhanak, doconnor, drosa, dsimansk, eglynn, erezende, fdeutsch, flucifre, gmeno, gparvin, groman, haoli, hkataria, jajackso, jbalunas, jcammara, jjoyce, jkoehler, jmitchel, jneedle, jprabhak, jschluet, kegrant, kingland, koliveir, kshier, kverlaen, lball, lhh, lphiri, lsvaty, mabashia, matzew, mbenjamin, mburns, mgarciac, mhackett, mnovotny, ngough, oramraz, owatkins, pahickey, pbohmill, pbraun, pgrist, rhaigner, sausingh, sdawley, shvarugh, simaishi, smcdonal, smullick, sostapov, stcannon, stirabos, teagle, tfister, thason, thavo, vereddy, veshanka, wtam, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic("unreachable") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process. | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2417045, 2417046, 2420555, 2420556, 2420561, 2420562, 2420564, 2420565, 2420566, 2420567, 2420568, 2420569, 2420571, 2420575, 2420577, 2420578, 2420582, 2420583, 2420584, 2420585, 2420586, 2420587, 2420591, 2420592, 2420593, 2420594, 2420595, 2420596, 2420597, 2420598, 2420600, 2420603, 2420604, 2420607, 2420611, 2420612, 2420613, 2420614, 2420615, 2420619, 2420620, 2420621, 2420623, 2420625, 2420628, 2420629, 2420630, 2424420, 2424421, 2424422, 2420557, 2420558, 2420559, 2420560, 2420563, 2420570, 2420572, 2420573, 2420574, 2420576, 2420579, 2420580, 2420588, 2420589, 2420590, 2420599, 2420601, 2420602, 2420605, 2420606, 2420608, 2420609, 2420610, 2420616, 2420617, 2420618, 2420622, 2420624, 2420626, 2420627, 2420631, 2424419 | ||
| Bug Blocks: | | | |
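The dispatch defect the Doc Text describes, as an added example that is not code from golang.org/x/crypto: a client-side handler for the reply to an identities request, assuming the length-prefix framing has already been stripped so `reply` starts with the message type byte, and using message numbers from the SSH agent protocol draft. `vulnerableList` mirrors the reported behaviour (a switch that names only the replies the author expected and falls through to `panic("unreachable")`), and `hardenedList` shows the fix: any reply type the client did not ask for becomes an ordinary error; all function and constant names are my own.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// SSH agent message numbers (draft-miller-ssh-agent); 0x06 is the generic
// SSH_AGENT_SUCCESS reply named in the CVE text.
const msgFailure, msgSuccess, msgIdentitiesAnswer byte = 5, 6, 12
// keyCount reads the uint32 key count that opens an IDENTITIES_ANSWER body.
func keyCount(body []byte) (int, error) {
	if len(body) < 4 {
		return 0, errors.New("agent: truncated identities answer")
	}
	return int(binary.BigEndian.Uint32(body)), nil
}
// vulnerableList mirrors the defect: only the expected reply types are handled,
// so a valid-but-unexpected SSH_AGENT_SUCCESS reaches panic("unreachable").
func vulnerableList(reply []byte) (int, error) {
	switch reply[0] {
	case msgIdentitiesAnswer:
		return keyCount(reply[1:])
	case msgFailure:
		return 0, errors.New("agent: request failed")
	}
	panic("unreachable")
}

// hardenedList reports any reply type it did not ask for as an ordinary error,
// so a misbehaving or forwarded agent cannot terminate the client process.
func hardenedList(reply []byte) (int, error) {
	if len(reply) == 0 {
		return 0, errors.New("agent: empty reply")
	}
	switch reply[0] {
	case msgIdentitiesAnswer:
		return keyCount(reply[1:])
	case msgFailure:
		return 0, errors.New("agent: request failed")
	default:
		return 0, fmt.Errorf("agent: unexpected reply type %d to identities request", reply[0])
	}
}

func main() { // constructed sample replies, not captured agent traffic
	fmt.Println(hardenedList([]byte{msgIdentitiesAnswer, 0, 0, 0, 2})) // 2 <nil>
	fmt.Println(hardenedList([]byte{msgSuccess}))                       // 0 agent: unexpected reply type 6 to identities request
}
```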
Description
OSIDB Bzimport
2025-11-13 22:01:50 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:0436 https://access.redhat.com/errata/RHSA-2026:0436

This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:0437 https://access.redhat.com/errata/RHSA-2026:0437

This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:0470 https://access.redhat.com/errata/RHSA-2026:0470

This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:0545 https://access.redhat.com/errata/RHSA-2026:0545

This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:0753 https://access.redhat.com/errata/RHSA-2026:0753

This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:1084 https://access.redhat.com/errata/RHSA-2026:1084