CVE-2025-47914

Public on 2025-11-19
Modified on 2025-11-21
Description
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
Severity
Medium severity
Medium
See what this means
CVSS v3 Base Score
5.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core amazon-cloudwatch-agent 2026-01-05 ALAS2-2025-3120 Fixed
Amazon Linux 2023 amazon-cloudwatch-agent 2026-01-07 ALAS2023-2025-1358 Fixed
Amazon Linux 2 - Core amazon-ssm-agent Not Affected
Amazon Linux 2023 amazon-ssm-agent Not Affected
Amazon Linux 2 - Core cni-plugins Not Affected
Amazon Linux 2023 cni-plugins Not Affected
Amazon Linux 2 - Docker Extra containerd 2026-01-05 ALAS2DOCKER-2025-093 Fixed
Amazon Linux 2 - Ecs Extra containerd 2026-01-05 ALAS2ECS-2025-091 Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra containerd 2026-01-05 ALAS2NITRO-ENCLAVES-2025-083 Fixed
Amazon Linux 2 - Core cri-tools Not Affected
Amazon Linux 2 - Docker Extra docker 2026-01-22 ALAS2DOCKER-2026-095 Fixed
Amazon Linux 2 - Ecs Extra docker 2026-01-05 ALAS2ECS-2025-090 Fixed
Amazon Linux 2 - Ecs Extra docker 2026-01-22 ALAS2ECS-2026-094 Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra docker 2026-01-22 ALAS2NITRO-ENCLAVES-2026-085 Fixed
Amazon Linux 2023 docker 2026-01-07 ALAS2023-2025-1340 Fixed
Amazon Linux 2 - Ecs Extra ecs-init Not Affected
Amazon Linux 2023 ecs-init Not Affected
Amazon Linux 2 - Core golang Not Affected
Amazon Linux 2 - Core golang-github-cpuguy83-go-md2man Not Affected
Amazon Linux 2 - Core nerdctl 2026-02-05 ALAS2-2026-3155 Fixed
Amazon Linux 2023 nerdctl 2026-02-05 ALAS2023-2026-1400 Fixed
Amazon Linux 2 - Docker Extra runfinch-finch 2026-01-05 ALAS2DOCKER-2025-092 Fixed
Amazon Linux 2023 runfinch-finch 2026-01-07 ALAS2023-2025-1336 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2025-47914 Mitre: CVE-2025-47914