5.3

CVE-2025-47914

Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GolangCrypto SwPlatformgo Version < 0.45.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.48% 0.382
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA
Mailing List
https://go.dev/cl/721960
Patch
https://go.dev/issue/76364
Patch
Issue Tracking
https://pkg.go.dev/vuln/GO-2025-4135
Vendor Advisory