{"id":"GO-2025-4116","summary":"Potential denial of service in golang.org/x/crypto/ssh/agent","details":"SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.","aliases":["CVE-2025-47913","GHSA-56w8-48fp-6mgv"],"modified":"2026-05-21T10:29:29.799885348Z","published":"2025-11-13T21:12:03Z","related":["CGA-w3q9-xwjj-575v","RHSA-2026:0436","RHSA-2026:0437","RHSA-2026:0470","RHSA-2026:0545","RHSA-2026:0753","RHSA-2026:10703","RHSA-2026:1084","RHSA-2026:11749","RHSA-2026:12030","RHSA-2026:14868","RHSA-2026:16102","RHSA-2026:16701","RHSA-2026:16702","RHSA-2026:19634","RHSA-2026:2769","RHSA-2026:4532","RHSA-2026:4693","RHSA-2026:5167","RHSA-2026:5222","RHSA-2026:8325"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-4116"},"references":[{"type":"FIX","url":"https://go.dev/cl/700295"},{"type":"REPORT","url":"https://go.dev/issue/75178"},{"type":"WEB","url":"https://github.com/advisories/GHSA-56w8-48fp-6mgv"}],"affected":[{"package":{"name":"golang.org/x/crypto","ecosystem":"Go","purl":"pkg:golang/golang.org/x/crypto"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.43.0"}]}],"ecosystem_specific":{"imports":[{"symbols":["agentKeyringSigner.Sign","agentKeyringSigner.SignWithAlgorithm","client.List","client.Sign","client.SignWithFlags","client.Signers"],"path":"golang.org/x/crypto/ssh/agent"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-4116.json"}}],"schema_version":"1.7.5","credits":[{"name":"Jakub Ciolek"},{"name":"Nicola Murino"}]}