
[Go v1.18] CVE-2025-47913: ssh/agent: return an error for unexpected message types#2

Open
Atharva-Shinde wants to merge 1 commit into openshift-sustaining:sustaining-v0.24.0 from Atharva-Shinde:sustaining-v0.24.0


@Atharva-Shinde

git checkout tags/v0.24.0
git checkout -b sustaining-v0.24.0 tags/v0.24.0
curl -L -o CVE.patch "https://go-review.googlesource.com/changes/crypto~700295/revisions/3/patch?download&raw"
git am CVE.patch

CVE.patch

Previously, receiving an unexpected message type in response to a key
listing or a signing request could cause a panic due to a failed type
assertion.

This change adds a default case to the type switch in order to detect
and explicitly handle unknown or invalid message types, returning a
descriptive error instead of crashing.

Fixes golang/go#75178

Change-Id: Icbc3432adc79fe3c56b1ff23c6724d7a6f710f3a
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/700295
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Reviewed-by: Jakub Ciolek <jakub@ciolek.dev>
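
The failure mode described in the commit message above, as an added Go example that is not part of this PR or of the golang.org/x/crypto source: a reply handler with an unchecked type assertion beside one whose type switch has a default case. The names `decode`, `listUnsafe`, `listSafe` and the three message types are hypothetical; the tag values are the agent protocol's failure, identities-answer and sign-response codes.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Agent protocol reply tags, and hypothetical decoded types (illustration only).
const agentFailure, agentIdentitiesAnswer, agentSignResponse = 5, 12, 14
type failureMsg struct{}
type identitiesMsg struct{ NumKeys uint32 }
type signMsg struct{ Sig []byte }

// decode maps a reply's leading type byte to a typed message.
func decode(reply []byte) (interface{}, error) {
	switch {
	case len(reply) >= 5 && reply[0] == agentIdentitiesAnswer:
		return &identitiesMsg{binary.BigEndian.Uint32(reply[1:5])}, nil
	case len(reply) >= 1 && reply[0] == agentFailure:
		return &failureMsg{}, nil
	case len(reply) >= 1 && reply[0] == agentSignResponse:
		return &signMsg{reply[1:]}, nil
	}
	return nil, fmt.Errorf("agent: malformed reply")
}

// listUnsafe treats every non-failure reply as a key listing and panics otherwise.
func listUnsafe(msg interface{}) (uint32, error) {
	if _, failed := msg.(*failureMsg); failed {
		return 0, fmt.Errorf("agent: failed to list keys")
	}
	return msg.(*identitiesMsg).NumKeys, nil // unchecked type assertion
}

// listSafe handles unexpected types in a default case and returns an error.
func listSafe(msg interface{}) (uint32, error) {
	switch m := msg.(type) {
	case *identitiesMsg:
		return m.NumKeys, nil
	case *failureMsg:
		return 0, fmt.Errorf("agent: failed to list keys")
	default:
		return 0, fmt.Errorf("agent: unexpected message type %T", m)
	}
}

func main() {
	msg, _ := decode([]byte{agentSignResponse, 0xde, 0xad}) // constructed reply
	fmt.Println(listSafe(msg))
}
```

A regression test for a fix of this kind feeds each well-formed but unexpected reply type to the handler and asserts that an error comes back rather than a panic.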