7
CVE-2025-47907
- EPSS 0.36%
- Veröffentlicht 07.08.2025 15:25:30
- Zuletzt bearbeitet 29.01.2026 19:11:50
- Quelle security@golang.org
- CVE-Watchlists
- Unerledigt
Incorrect results returned from Rows.Scan in database/sql
Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.276 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7 | 2.2 | 4.7 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
https://go.dev/cl/693735
https://go.dev/issue/74831
https://groups.google.com/g/golang-announce/c/x5MKroML2yM
https://pkg.go.dev/vuln/GO-2025-3849
http://www.openwall.com/lists/oss-security/2025/08/06/1