CVE-2025-47914

MEDIUM5.3EPSS 0.01%

golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read

發布日:2025/11/19修改日:2026/3/24

也稱為:GHSA-f6x5-jh6r-wrfvCGA-g95w-h5g8-rhqqDEBIAN-CVE-2025-47914GO-2025-4135

描述

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

受影響套件(3)

Debian/golang-go.cryptofrom 0
Go/golang.org/x/cryptofrom 0, < 0.45.0
Go/golang.org/x/cryptofrom 0, < 0.45.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

參考連結(7)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-47914
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-47914
WEBhttps://go.dev/cl/721960
WEBhttps://go.dev/issue/76364
WEBhttps://go.googlesource.com/crypto
WEBhttps://groups.google.com/g/golang-announce/c/w-oX3UxNcZA
WEBhttps://pkg.go.dev/vuln/GO-2025-4135