CVE-2025-47907 – stdlib

Package

Manager: go
Name: stdlib
Vulnerable Version: >=0 <1.23.12

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:R

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00054 pctl0.16856

Details

Incorrect results returned from Rows.Scan in database/sql Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.

Metadata

Created: 2025-08-07T15:07:27Z
Modified: 2025-08-11T06:27:06.746398Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F124
Auto approve: 1