CVE-2025-47907

Sažetak

Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.

Reference

https://go.dev/cl/693735
https://go.dev/issue/74831
https://groups.google.com/g/golang-announce/c/x5MKroML2yM
https://pkg.go.dev/vuln/GO-2025-3849
http://www.openwall.com/lists/oss-security/2025/08/06/1

CVSS

Base:	7.0
Impact:	4.7
Exploitability:	2.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	LOW

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Zadnje važnije ažuriranje

29-01-2026 - 19:11

Objavljeno

07-08-2025 - 16:15