2416000 – (CVE-2025-47914) CVE-2025-47914 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

Bug 2416000 (CVE-2025-47914) - CVE-2025-47914 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

Summary: CVE-2025-47914 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Se...

Keywords:
Status:	NEW
Alias:	CVE-2025-47914
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2424429 2424430 2424431 2424428 2424446 2424447 2424448 2424449
Blocks:
TreeView+	depends on / blocked

Reported:	2025-11-19 21:01 UTC by OSIDB Bzimport
Modified:	2026-01-21 10:55 UTC (History)
CC List:	90 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-11-19 21:01:33 UTC

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Note You need to log in before you can comment on or make changes to this bug.

aazores
alcohan
alebedev
amctagga
anjoseph
ansmith
aoconnor
bdettelb
bniver
carogers
cmah
crizzo
dhanak
doconnor
drosa
dsimansk
dymurray
eaguilar
ebaron
eglynn
erezende
fdeutsch
flucifre
gmeno
gparvin
groman
haoli
hkataria
jaharrin
jajackso
jbalunas
jburrell
jcammara
jeder
jjoyce
jkoehler
jmatthew
jmitchel
jneedle
jolong
jprabhak
jschluet
kegrant
kingland
koliveir
kshier
kverlaen
lball
lgamliel
lhh
lphiri
lsvaty
mabashia
manissin
matzew
mbenjamin
mburns
mgarciac
mhackett
mnovotny
ngough
oramraz
owatkins
pahickey
pbohmill
pbraun
peholase
pgrist
pjindal
rfreiman
rhaigner
rjohnson
sausingh
sdawley
shvarugh
simaishi
smcdonal
smullick
sostapov
stcannon
stirabos
teagle
tfister
thason
thavo
vereddy
veshanka
whayutin
wtam
yguenane