CVE-2025-47914

EUVD-2025-198227
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
golangcrypto
𝑥
< 0.45.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
golang-go.crypto
bookworm
no-dsa
bullseye
postponed
forky
1:0.50.0-1
fixed
sid
1:0.50.0-1
fixed
trixie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang-go.crypto
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
ignored
questing
needs-triage
resolute
needs-triage
xenial
needs-triage
snapd
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
ignored
questing
needs-triage
resolute
needs-triage
xenial
needs-triage
lxd
bionic
needs-triage
focal
not-affected
jammy
dne
noble
dne
plucky
dne
questing
dne
resolute
dne
xenial
needs-triage
google-guest-agent
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
plucky
not-affected
questing
not-affected
resolute
not-affected
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
apptainer
suse enterprise server 15 SP6
1.4.5-150600.4.12.1
fixed
apptainer-sle15_6
suse enterprise server 15 SP6
1.4.5-150600.4.12.1
fixed
buildah
suse enterprise sap 15 SP7
1.35.5-150500.3.53.1
fixed
suse enterprise server 15 SP4
1.35.5-150400.3.59.1
fixed
suse enterprise server 15 SP6
1.35.5-150500.3.53.1
fixed
suse enterprise server 15 SP7
1.35.5-150500.3.53.1
fixed
libsquashfuse0
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
podman
suse enterprise sap 15 SP7
4.9.5-150500.3.62.2
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.65.2
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.62.2
fixed
podman-docker
suse enterprise sap 15 SP7
4.9.5-150500.3.62.2
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.65.2
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.62.2
fixed
podman-remote
suse enterprise sap 15 SP7
4.9.5-150500.3.62.2
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.65.2
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.62.2
fixed
podmansh
suse enterprise sap 15 SP7
4.9.5-150500.3.62.2
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.62.2
fixed
squashfuse
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
squashfuse-tools
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
Common Weakness Enumeration
References
https://go.dev/cl/721960
https://go.dev/issue/76364
https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA
https://pkg.go.dev/vuln/GO-2025-4135