CVE-2025-47907

EPSS 0.02%
Veröffentlicht 07.08.2025 15:25:30
Zuletzt bearbeitet 29.01.2026 19:11:50
Quelle security@golang.org
CVE-Watchlists
Login
Unerledigt
Login

Incorrect results returned from Rows.Scan in database/sql

Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Golang ≫ Go Version < 1.23.12

Golang ≫ Go Version >= 1.24.0 < 1.24.6

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.051

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7	2.2	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://go.dev/cl/693735

Patch

https://go.dev/issue/74831

Third Party Advisory

Issue Tracking

https://groups.google.com/g/golang-announce/c/x5MKroML2yM

Mailing List

Release Notes

https://pkg.go.dev/vuln/GO-2025-3849

Vendor Advisory

http://www.openwall.com/lists/oss-security/2025/08/06/1

Mailing List