DEBIAN-CVE-2025-47914

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-47914

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-47914.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-47914

Upstream

CVE-2025-47914

Published

2025-11-19T21:15:50.517Z

Modified

2025-12-09T16:04:08.844750Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

References

https://security-tracker.debian.org/tracker/CVE-2025-47914

Affected packages

Debian:11 / golang-go.crypto

Package

Name: golang-go.crypto
Purl: pkg:deb/debian/golang-go.crypto?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.0~git20201221.eec23a3-1

1:0.0~git20210817.32db794-1

1:0.0~git20211202.5770296-1

1:0.0~git20220315.3147a52-1

1:0.0~git20220829.c86fa9a-1~bpo11+1

1:0.0~git20220829.c86fa9a-1

1:0.1.0-1

1:0.4.0-1

1:0.10.0-1

1:0.12.0-1

1:0.13.0-1

1:0.14.0-1

1:0.16.0-1

1:0.17.0-1

1:0.18.0-1

1:0.19.0-1

1:0.21.0-1

1:0.22.0-1

1:0.23.0-1

1:0.24.0-1

1:0.24.0-2

1:0.25.0-1~bpo12+1

1:0.25.0-1

1:0.33.0-1~exp1

1:0.36.0-1~exp1

1:0.41.0-1~exp1

1:0.42.0-1~exp1

1:0.42.0-1

1:0.42.0-2

1:0.42.0-3

1:0.42.0-4

1:0.43.0-1

1:0.43.0-2

1:0.45.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / golang-go.crypto

Package

Name: golang-go.crypto
Purl: pkg:deb/debian/golang-go.crypto?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.4.0-1

1:0.10.0-1

1:0.12.0-1

1:0.13.0-1

1:0.14.0-1

1:0.16.0-1

1:0.17.0-1

1:0.18.0-1

1:0.19.0-1

1:0.21.0-1

1:0.22.0-1

1:0.23.0-1

1:0.24.0-1

1:0.24.0-2

1:0.25.0-1~bpo12+1

1:0.25.0-1

1:0.33.0-1~exp1

1:0.36.0-1~exp1

1:0.41.0-1~exp1

1:0.42.0-1~exp1

1:0.42.0-1

1:0.42.0-2

1:0.42.0-3

1:0.42.0-4

1:0.43.0-1

1:0.43.0-2

1:0.45.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / golang-go.crypto

Package

Name: golang-go.crypto
Purl: pkg:deb/debian/golang-go.crypto?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.25.0-1

1:0.33.0-1~exp1

1:0.36.0-1~exp1

1:0.41.0-1~exp1

1:0.42.0-1~exp1

1:0.42.0-1

1:0.42.0-2

1:0.42.0-3

1:0.42.0-4

1:0.43.0-1

1:0.43.0-2

1:0.45.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / golang-go.crypto

Package

Name: golang-go.crypto
Purl: pkg:deb/debian/golang-go.crypto?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:0.45.0-1

Affected versions

1:0.*

1:0.25.0-1

1:0.33.0-1~exp1

1:0.36.0-1~exp1

1:0.41.0-1~exp1

1:0.42.0-1~exp1

1:0.42.0-1

1:0.42.0-2

1:0.42.0-3

1:0.42.0-4

1:0.43.0-1

1:0.43.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}