CVE-2025-47914

EPSS 0.02%
Veröffentlicht 19.11.2025 20:33:43
Zuletzt bearbeitet 11.12.2025 19:36:41
Quelle security@golang.org
CVE-Watchlists
Login
Unerledigt
Login

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Golang ≫ Crypto SwPlatformgo Version < 0.45.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.037

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA

Mailing List

https://go.dev/cl/721960

Patch

https://go.dev/issue/76364

Patch

Issue Tracking

https://pkg.go.dev/vuln/GO-2025-4135

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-47914

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-47914

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-47914

EUVD