Bug 2414943 (CVE-2025-47913) - CVE-2025-47913 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
Summary: CVE-2025-47913 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: ...
Keywords:
Status: NEW
Alias: CVE-2025-47913
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2417045 2417046 2420555 2420556 2420561 2420562 2420564 2420565 2420566 2420567 2420568 2420569 2420571 2420575 2420577 2420578 2420582 2420583 2420584 2420585 2420586 2420587 2420591 2420592 2420593 2420594 2420595 2420596 2420597 2420598 2420600 2420603 2420604 2420607 2420611 2420612 2420613 2420614 2420615 2420619 2420620 2420621 2420622 2420623 2420625 2420628 2420629 2420630 2424420 2424421 2424422 2420557 2420558 2420559 2420560 2420563 2420570 2420572 2420573 2420574 2420576 2420579 2420580 2420588 2420589 2420590 2420599 2420601 2420602 2420605 2420606 2420608 2420609 2420610 2420616 2420617 2420618 2420624 2420626 2420627 2420631 2424419
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-11-13 22:01 UTC by OSIDB Bzimport
Modified: 2026-01-26 14:18 UTC (History)
71 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:0436 0 None None None 2026-01-12 02:01:41 UTC
Red Hat Product Errata RHSA-2026:0437 0 None None None 2026-01-12 03:45:06 UTC
Red Hat Product Errata RHSA-2026:0470 0 None None None 2026-01-12 17:28:33 UTC
Red Hat Product Errata RHSA-2026:0545 0 None None None 2026-01-14 04:00:41 UTC
Red Hat Product Errata RHSA-2026:0753 0 None None None 2026-01-19 02:05:31 UTC
Red Hat Product Errata RHSA-2026:1084 0 None None None 2026-01-26 14:18:22 UTC

Description OSIDB Bzimport 2025-11-13 22:01:50 UTC 
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
Comment 3 errata-xmlrpc 2026-01-12 02:01:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:0436 https://access.redhat.com/errata/RHSA-2026:0436
Comment 4 errata-xmlrpc 2026-01-12 03:45:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:0437 https://access.redhat.com/errata/RHSA-2026:0437
Comment 5 errata-xmlrpc 2026-01-12 17:28:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:0470 https://access.redhat.com/errata/RHSA-2026:0470
Comment 6 errata-xmlrpc 2026-01-14 04:00:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:0545 https://access.redhat.com/errata/RHSA-2026:0545
Comment 7 errata-xmlrpc 2026-01-19 02:05:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:0753 https://access.redhat.com/errata/RHSA-2026:0753
Comment 8 errata-xmlrpc 2026-01-26 14:18:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:1084 https://access.redhat.com/errata/RHSA-2026:1084
Note You need to log in before you can comment on or make changes to this bug.