UBUNTU-CVE-2025-47914
- Source
- https://ubuntu.com/security/CVE-2025-47914
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-47914.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-47914
- Upstream
- Published
- 2025-11-19T21:15:00Z
- Modified
- 2026-01-20T18:48:58.629507Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
- References
-
- https://ubuntu.com/security/CVE-2025-47914
- https://www.cve.org/CVERecord?id=CVE-2025-47914
- https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1
- https://github.com/golang/go/issues/76364
- https://go.dev/cl/721960
- https://go.dev/issue/76364
- https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA
- https://pkg.go.dev/vuln/GO-2025-4135
- https://github.com/golang/crypto/commit/f91f7a7c31bf90b39c1de895ad116a2bacc88748
Affected packages
Ubuntu:20.04:LTS
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd@2.67.1+20.04?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.41+19.10.1
2.42.1+20.04
2.43.3+git1.8109f8
2.44~pre1+20.04
2.44+20.04
2.44.2+20.04
2.44.3+20.04
2.45.1+20.04
2.45.1+20.04.2
2.46.1+20.04
2.47.1+20.04
2.48+20.04
2.48.3+20.04
2.49.2+20.04
2.51.1+20.04ubuntu2
2.54.2+20.04ubuntu2
2.54.3+20.04
2.54.3+20.04.1
2.54.3+20.04.1ubuntu0.1
2.54.3+20.04.1ubuntu0.2
2.54.3+20.04.1ubuntu0.3
2.55.5+20.04
2.57.5+20.04
2.57.5+20.04ubuntu0.1
2.58+20.04
2.58+20.04.1
2.61.3+20.04
2.62+20.04
2.63+20.04
2.63+20.04ubuntu0.1
2.65.3+20.04
2.66.1+20.04
2.67.1+20.04
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.67.1+20.04",
"binary_name": "golang-github-snapcore-snapd-dev"
},
{
"binary_version": "2.67.1+20.04",
"binary_name": "golang-github-ubuntu-core-snappy-dev"
},
{
"binary_version": "2.67.1+20.04",
"binary_name": "snap-confine"
},
{
"binary_version": "2.67.1+20.04",
"binary_name": "snapd"
},
{
"binary_version": "2.67.1+20.04",
"binary_name": "snapd-xdg-open"
},
{
"binary_version": "2.67.1+20.04",
"binary_name": "ubuntu-core-launcher"
},
{
"binary_version": "2.67.1+20.04",
"binary_name": "ubuntu-core-snapd-units"
},
{
"binary_version": "2.67.1+20.04",
"binary_name": "ubuntu-snappy"
},
{
"binary_version": "2.67.1+20.04",
"binary_name": "ubuntu-snappy-cli"
}
]
}Ubuntu:22.04:LTS
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd@2.73+ubuntu22.04?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.53+21.10ubuntu1
2.54.2+22.04ubuntu1
2.54.2+22.04ubuntu2
2.54.2+22.04ubuntu3
2.54.3+git19.g868fc21+22.04
2.54.3+git26.g360067e+22.04
2.55.2+22.04
2.55.2+22.04.1
2.55.3+22.04
2.55.3+22.04ubuntu1
2.55.5+22.04
2.56.2+22.04ubuntu1
2.57.4+22.04
2.57.5+22.04
2.57.5+22.04ubuntu0.1
2.58+22.04
2.58+22.04.1
2.61.3+22.04
2.62+22.04
2.63+22.04
2.63+22.04ubuntu0.1
2.65.3+22.04
2.66.1+22.04
2.67.1+22.04
2.68.5+ubuntu22.04.1
2.71+ubuntu22.04
2.72+ubuntu22.04
2.73+ubuntu22.04
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.73+ubuntu22.04",
"binary_name": "golang-github-snapcore-snapd-dev"
},
{
"binary_version": "2.73+ubuntu22.04",
"binary_name": "golang-github-ubuntu-core-snappy-dev"
},
{
"binary_version": "2.73+ubuntu22.04",
"binary_name": "snap-confine"
},
{
"binary_version": "2.73+ubuntu22.04",
"binary_name": "snapd"
},
{
"binary_version": "2.73+ubuntu22.04",
"binary_name": "snapd-xdg-open"
},
{
"binary_version": "2.73+ubuntu22.04",
"binary_name": "ubuntu-core-launcher"
},
{
"binary_version": "2.73+ubuntu22.04",
"binary_name": "ubuntu-core-snapd-units"
},
{
"binary_version": "2.73+ubuntu22.04",
"binary_name": "ubuntu-snappy"
},
{
"binary_version": "2.73+ubuntu22.04",
"binary_name": "ubuntu-snappy-cli"
}
]
}Ubuntu:24.04:LTS
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd@2.73+ubuntu24.04?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.60.4+23.10
2.61.3+24.04
2.62+24.04build1
2.63+24.04
2.63+24.04ubuntu0.1
2.63.1+24.04
2.65.3+24.04
2.66.1+24.04
2.67.1+24.04
2.68.5+ubuntu24.04.1
2.71+ubuntu24.04
2.72+ubuntu24.04
2.73+ubuntu24.04
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.73+ubuntu24.04",
"binary_name": "golang-github-snapcore-snapd-dev"
},
{
"binary_version": "2.73+ubuntu24.04",
"binary_name": "golang-github-ubuntu-core-snappy-dev"
},
{
"binary_version": "2.73+ubuntu24.04",
"binary_name": "snap-confine"
},
{
"binary_version": "2.73+ubuntu24.04",
"binary_name": "snapd"
},
{
"binary_version": "2.73+ubuntu24.04",
"binary_name": "snapd-xdg-open"
},
{
"binary_version": "2.73+ubuntu24.04",
"binary_name": "ubuntu-core-launcher"
},
{
"binary_version": "2.73+ubuntu24.04",
"binary_name": "ubuntu-core-snapd-units"
},
{
"binary_version": "2.73+ubuntu24.04",
"binary_name": "ubuntu-snappy"
},
{
"binary_version": "2.73+ubuntu24.04",
"binary_name": "ubuntu-snappy-cli"
}
]
}Ubuntu:25.10
golang-go.crypto
Package
- Name
- golang-go.crypto
- Purl
- pkg:deb/ubuntu/golang-go.crypto@1:0.25.0-1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd@2.73+ubuntu25.10?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.67.1+25.04
2.68.5+ubuntu25.10.2
2.71+ubuntu25.10
2.71.1+ubuntu25.10.1
2.72+ubuntu25.10.2
2.73+ubuntu25.10
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.73+ubuntu25.10",
"binary_name": "golang-github-snapcore-snapd-dev"
},
{
"binary_version": "2.73+ubuntu25.10",
"binary_name": "golang-github-ubuntu-core-snappy-dev"
},
{
"binary_version": "2.73+ubuntu25.10",
"binary_name": "snap-confine"
},
{
"binary_version": "2.73+ubuntu25.10",
"binary_name": "snapd"
},
{
"binary_version": "2.73+ubuntu25.10",
"binary_name": "snapd-xdg-open"
},
{
"binary_version": "2.73+ubuntu25.10",
"binary_name": "ubuntu-core-launcher"
},
{
"binary_version": "2.73+ubuntu25.10",
"binary_name": "ubuntu-core-snapd-units"
},
{
"binary_version": "2.73+ubuntu25.10",
"binary_name": "ubuntu-snappy"
},
{
"binary_version": "2.73+ubuntu25.10",
"binary_name": "ubuntu-snappy-cli"
}
]
}Ubuntu:Pro:16.04:LTS
golang-go.crypto
Package
- Name
- golang-go.crypto
- Purl
- pkg:deb/ubuntu/golang-go.crypto@1:0.0~git20151201.0.7b85b09-2ubuntu0.1~esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:0.*
1:0.0~git20150608-1
1:0.0~git20151201.0.7b85b09-2
1:0.0~git20151201.0.7b85b09-2ubuntu0.1~esm1
lxd
Package
- Name
- lxd
- Purl
- pkg:deb/ubuntu/lxd@2.0.11-0ubuntu1~16.04.4+esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.20-0ubuntu4
0.21-0ubuntu3
0.21-0ubuntu5
0.22-0ubuntu1
0.22-0ubuntu2
0.23-0ubuntu1
0.23-0ubuntu2
0.23-0ubuntu3
0.24-0ubuntu2
0.24-0ubuntu3
0.24-0ubuntu4
0.25-0ubuntu1
0.26-0ubuntu2
0.26-0ubuntu3
0.27-0ubuntu1
0.27-0ubuntu2
2.*
2.0.0~beta1-0ubuntu3
2.0.0~beta1-0ubuntu4
2.0.0~beta2-0ubuntu1
2.0.0~beta2-0ubuntu2
2.0.0~beta3-0ubuntu1
2.0.0~beta3-0ubuntu2
2.0.0~beta3-0ubuntu3
2.0.0~beta3-0ubuntu4
2.0.0~beta4-0ubuntu1
2.0.0~beta4-0ubuntu2
2.0.0~beta4-0ubuntu3
2.0.0~beta4-0ubuntu4
2.0.0~beta4-0ubuntu5
2.0.0~beta4-0ubuntu6
2.0.0~beta4-0ubuntu7
2.0.0~rc1-0ubuntu1
2.0.0~rc1-0ubuntu2
2.0.0~rc1-0ubuntu3
2.0.0~rc2-0ubuntu2
2.0.0~rc2-0ubuntu3
2.0.0~rc3-0ubuntu1
2.0.0~rc3-0ubuntu2
2.0.0~rc3-0ubuntu3
2.0.0~rc3-0ubuntu4
2.0.0~rc4-0ubuntu1
2.0.0~rc5-0ubuntu1
2.0.0~rc6-0ubuntu1
2.0.0~rc6-0ubuntu2
2.0.0~rc7-0ubuntu1
2.0.0~rc7-0ubuntu2
2.0.0~rc8-0ubuntu1
2.0.0~rc8-0ubuntu2
2.0.0~rc8-0ubuntu3
2.0.0~rc8-0ubuntu5
2.0.0~rc8-0ubuntu6
2.0.0~rc8-0ubuntu7
2.0.0~rc9-0ubuntu2
2.0.0~rc9-0ubuntu3
2.0.0~rc9-0ubuntu4
2.0.0~rc9-0ubuntu5
2.0.0-0ubuntu1
2.0.0-0ubuntu2
2.0.0-0ubuntu3
2.0.0-0ubuntu4
2.0.1-0ubuntu1~16.04.1
2.0.2-0ubuntu1~16.04.1
2.0.3-0ubuntu1~ubuntu16.04.2
2.0.4-0ubuntu1~ubuntu16.04.1
2.0.5-0ubuntu1~ubuntu16.04.1
2.0.8-0ubuntu1~ubuntu16.04.1
2.0.8-0ubuntu1~ubuntu16.04.2
2.0.9-0ubuntu1~16.04.1
2.0.9-0ubuntu1~16.04.2
2.0.10-0ubuntu1~16.04.1
2.0.10-0ubuntu1~16.04.2
2.0.11-0ubuntu1~16.04.2
2.0.11-0ubuntu1~16.04.4
2.0.11-0ubuntu1~16.04.4+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm1",
"binary_name": "golang-github-lxc-lxd-dev"
},
{
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm1",
"binary_name": "lxc2"
},
{
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm1",
"binary_name": "lxd"
},
{
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm1",
"binary_name": "lxd-client"
},
{
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm1",
"binary_name": "lxd-tools"
}
]
}snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd@2.61.4ubuntu0.16.04.1+esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.9
1.9.1.1
1.9.2
2.*
2.0
2.0.1
2.0.2
2.0.3
2.0.5
2.0.8
2.0.9
2.0.10
2.11+0.16.04
2.12+0.16.04
2.13
2.14.2~16.04
2.15.2ubuntu1
2.16ubuntu3
2.17.1ubuntu1
2.20.1ubuntu1
2.21
2.22.2
2.22.3
2.22.6
2.23.1
2.24.1
2.25
2.26.10
2.27.5
2.28.5
2.29.4.2
2.32.3.2
2.32.9
2.33.1ubuntu2
2.34.2
2.34.2ubuntu0.1
2.37.4
2.37.4ubuntu0.1
2.38
2.39.2
2.39.2ubuntu0.2
2.40
2.42.1
2.45.1
2.45.1ubuntu0.2
2.46.1
2.47.1
2.48
2.48.3
2.54.3+16.04~esm2
2.54.3+16.04.0ubuntu0.1~esm3
2.54.3+16.04.0ubuntu0.1~esm4
2.54.3+16.04.0ubuntu0.1~esm5
2.54.3+16.04.0ubuntu0.1~esm6
2.61.4ubuntu0.16.04.1+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm1",
"binary_name": "golang-github-snapcore-snapd-dev"
},
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm1",
"binary_name": "golang-github-ubuntu-core-snappy-dev"
},
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm1",
"binary_name": "snap-confine"
},
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm1",
"binary_name": "snapd"
},
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm1",
"binary_name": "snapd-xdg-open"
},
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm1",
"binary_name": "ubuntu-core-launcher"
},
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm1",
"binary_name": "ubuntu-core-snapd-units"
},
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm1",
"binary_name": "ubuntu-snappy"
},
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm1",
"binary_name": "ubuntu-snappy-cli"
}
]
}Ubuntu:Pro:18.04:LTS
lxd
Package
- Name
- lxd
- Purl
- pkg:deb/ubuntu/lxd@3.0.3-0ubuntu1~18.04.2+esm1?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.18-0ubuntu6
2.19-0ubuntu1
2.20-0ubuntu3
2.20-0ubuntu4
2.21-0ubuntu1
2.21-0ubuntu2
2.21-0ubuntu3
2.21-0ubuntu4
3.*
3.0.0~beta2-0ubuntu3
3.0.0~beta3-0ubuntu3
3.0.0~beta5-0ubuntu2
3.0.0~beta7-0ubuntu1
3.0.0-0ubuntu1
3.0.0-0ubuntu2
3.0.0-0ubuntu3
3.0.0-0ubuntu4
3.0.1-0ubuntu1~18.04.1
3.0.2-0ubuntu1~18.04.1
3.0.3-0ubuntu1~18.04.1
3.0.3-0ubuntu1~18.04.2
3.0.3-0ubuntu1~18.04.2+esm1
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd@2.61.4ubuntu0.18.04.1+esm1?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.28.5+17.10
2.29.4.1+18.04
2.29.4.2+18.04
2.31.1+18.04
2.32+18.04~pre5
2.32+18.04~pre6
2.32+18.04
2.32.3.2+18.04
2.32.5+18.04
2.32.8+18.04
2.32.9+18.04
2.33.1+18.04ubuntu2
2.34.2+18.04
2.34.2+18.04.1
2.37.1+18.04
2.37.1.1+18.04
2.37.4+18.04
2.37.4+18.04.1
2.38+18.04
2.39.2+18.04
2.40+18.04
2.42.1+18.04
2.45.1+18.04
2.45.1+18.04.2
2.46.1+18.04
2.47.1+18.04
2.48+18.04
2.48.3+18.04
2.49.2+18.04
2.51.1+18.04
2.54.2+18.04ubuntu1
2.54.3+18.04
2.54.3+18.04.2ubuntu0.1
2.54.3+18.04.2ubuntu0.2
2.55.5+18.04
2.57.5+18.04
2.57.5+18.04ubuntu0.1
2.58+18.04
2.58+18.04.1
2.61.4ubuntu0.18.04.1+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm1",
"binary_name": "golang-github-snapcore-snapd-dev"
},
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm1",
"binary_name": "golang-github-ubuntu-core-snappy-dev"
},
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm1",
"binary_name": "snap-confine"
},
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm1",
"binary_name": "snapd"
},
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm1",
"binary_name": "snapd-xdg-open"
},
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm1",
"binary_name": "ubuntu-core-launcher"
},
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm1",
"binary_name": "ubuntu-core-snapd-units"
},
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm1",
"binary_name": "ubuntu-snappy"
},
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm1",
"binary_name": "ubuntu-snappy-cli"
}
]
}golang-go.crypto
Package
- Name
- golang-go.crypto
- Purl
- pkg:deb/ubuntu/golang-go.crypto@1:0.0~git20170629.0.5ef0053-2ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:0.*
1:0.0~git20170629.0.5ef0053-1ubuntu1
1:0.0~git20170629.0.5ef0053-1ubuntu2
1:0.0~git20170629.0.5ef0053-2
1:0.0~git20170629.0.5ef0053-2ubuntu0.1~esm1
Ubuntu:Pro:20.04:LTS
golang-go.crypto
Package
- Name
- golang-go.crypto
- Purl
- pkg:deb/ubuntu/golang-go.crypto@1:0.0~git20200221.2aa609c-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:0.*
1:0.0~git20190701.4def268-2
1:0.0~git20200221.2aa609c-1
1:0.0~git20200221.2aa609c-1ubuntu0.1~esm1
Ubuntu:Pro:22.04:LTS
golang-go.crypto
Package
- Name
- golang-go.crypto
- Purl
- pkg:deb/ubuntu/golang-go.crypto@1:0.0~git20211202.5770296-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:0.*
1:0.0~git20201221.eec23a3-1
1:0.0~git20211202.5770296-1
1:0.0~git20211202.5770296-1ubuntu0.1~esm1
Ubuntu:Pro:24.04:LTS
golang-go.crypto
Package
- Name
- golang-go.crypto
- Purl
- pkg:deb/ubuntu/golang-go.crypto@1:0.19.0-1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected