CVE-2025-47914

EPSS 0.01%
Veröffentlicht 19.11.2025 20:33:43
Zuletzt bearbeitet 11.12.2025 19:36:41
Quelle security@golang.org
CVE-Watchlists
Login
Unerledigt
Login

Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Golang ≫ Crypto SwPlatformgo Version < 0.45.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.027

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA

Mailing List

https://go.dev/cl/721960

Patch

https://go.dev/issue/76364

Patch

Issue Tracking

https://pkg.go.dev/vuln/GO-2025-4135

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-47914

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-47914

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-47914

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-47914