Bug 2416000 (CVE-2025-47914)

Summary: CVE-2025-47914 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aazores, alcohan, alebedev, amctagga, anjoseph, ansmith, aoconnor, bdettelb, bniver, carogers, cmah, crizzo, dhanak, doconnor, drosa, dsimansk, dymurray, eaguilar, ebaron, eglynn, erezende, fdeutsch, flucifre, gmeno, gparvin, groman, haoli, hkataria, jaharrin, jajackso, jbalunas, jburrell, jcammara, jeder, jjoyce, jkoehler, jmatthew, jmitchel, jneedle, jolong, jprabhak, jschluet, kegrant, kingland, koliveir, kshier, kverlaen, lball, lgamliel, lhh, lphiri, lsvaty, mabashia, manissin, matzew, mbenjamin, mburns, mgarciac, mhackett, mnovotny, ngough, oramraz, owatkins, pahickey, pbohmill, pbraun, peholase, pgrist, pjindal, rfreiman, rhaigner, rjohnson, sausingh, sdawley, shvarugh, simaishi, smcdonal, smullick, sostapov, stcannon, stirabos, teagle, tfister, thason, thavo, vereddy, veshanka, whayutin, wtam, yguenane
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2424429, 2424430, 2424431, 2424428, 2424446, 2424447, 2424448, 2424449    
Bug Blocks:    

Description OSIDB Bzimport 2025-11-19 21:01:33 UTC 
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.