{"id":"CVE-2025-47914","details":"SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.","aliases":["GHSA-f6x5-jh6r-wrfv","GO-2025-4135"],"modified":"2026-05-16T08:29:37.982522933Z","published":"2025-11-19T21:15:50.517Z","related":["CGA-g95w-h5g8-rhqq","SUSE-SU-2025:4526-1","SUSE-SU-2025:4536-1","SUSE-SU-2026:0014-1","SUSE-SU-2026:0067-1","SUSE-SU-2026:0125-1","SUSE-SU-2026:0439-1","SUSE-SU-2026:20035-1","SUSE-SU-2026:20123-1","SUSE-SU-2026:20176-1","SUSE-SU-2026:20244-1","SUSE-SU-2026:20357-1","SUSE-SU-2026:20451-1","SUSE-SU-2026:20626-1","SUSE-SU-2026:20641-1","SUSE-SU-2026:20656-1","SUSE-SU-2026:20949-1","SUSE-SU-2026:20976-1","SUSE-SU-2026:21291-1","openSUSE-RU-2026:20010-1","openSUSE-SU-2025:15771-1","openSUSE-SU-2025:15773-1","openSUSE-SU-2025:15852-1","openSUSE-SU-2025:20143-1","openSUSE-SU-2025:20177-1","openSUSE-SU-2026:10013-1","openSUSE-SU-2026:10042-1","openSUSE-SU-2026:10302-1","openSUSE-SU-2026:20080-1","openSUSE-SU-2026:20132-1","openSUSE-SU-2026:20305-1","openSUSE-SU-2026:20438-1","openSUSE-SU-2026:20730-1"],"references":[{"type":"ADVISORY","url":"https://pkg.go.dev/vuln/GO-2025-4135"},{"type":"FIX","url":"https://go.dev/cl/721960"},{"type":"FIX","url":"https://go.dev/issue/76364"},{"type":"ARTICLE","url":"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/golang/crypto","events":[{"introduced":"0"},{"fixed":"4e0068c0098be10d7025c99ab7c50ce454c1f0f9"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.45.0"}]}}],"versions":["v0.1.0","v0.10.0","v0.11.0","v0.12.0","v0.13.0","v0.14.0","v0.15.0","v0.16.0","v0.17.0","v0.18.0","v0.19.0","v0.2.0","v0.20.0","v0.21.0","v0.22.0","v0.23.0","v0.24.0","v0.25.0","v0.26.0","v0.27.0","v0.28.0","v0.29.0","v0.3.0","v0.30.0","v0.31.0","v0.32.0","v0.33.0","v0.34.0","v0.35.0","v0.36.0","v0.37.0","v0.38.0","v0.39.0","v0.4.0","v0.40.0","v0.41.0","v0.42.0","v0.43.0","v0.44.0","v0.5.0","v0.6.0","v0.7.0","v0.8.0","v0.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47914.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}