CVE-2025-47907

EUVD-2025-23921
Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
golanggo
𝑥
< 1.23.12
golanggo
1.24.0 ≤
𝑥
< 1.24.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
golang-1.15
bullseye
postponed
golang-1.19
bookworm
no-dsa
golang-1.24
trixie
no-dsa
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
azure-storage-azcopy
suse enterprise server 15 SP4
10.32.4-150400.9.11.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
go-toolset
RHEL 9
0:1.24.6-1.el9_6
fixed
golang
RHEL 9
0:1.24.6-1.el9_6
fixed
golang-bin
RHEL 9
0:1.24.6-1.el9_6
fixed
golang-docs
RHEL 9
0:1.24.6-1.el9_6
fixed
golang-misc
RHEL 9
0:1.24.6-1.el9_6
fixed
golang-race
RHEL 9
0:1.24.6-1.el9_6
fixed
golang-src
RHEL 9
0:1.24.6-1.el9_6
fixed
golang-tests
RHEL 9
0:1.24.6-1.el9_6
fixed
podman
RHEL 9
6:5.6.0-6.el9_7
fixed
podman-docker
RHEL 9
6:5.6.0-6.el9_7
fixed
podman-plugins
RHEL 9
6:5.6.0-6.el9_7
fixed
podman-remote
RHEL 9
6:5.6.0-6.el9_7
fixed
podman-tests
RHEL 9
6:5.6.0-6.el9_7
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
golang
Amazon Linux 2
0:1.24.6-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.24.6-1.amzn2023.0.1
fixed
golang-bin
Amazon Linux 2
0:1.24.6-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.24.6-1.amzn2023.0.1
fixed
golang-docs
Amazon Linux 2
0:1.24.6-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.24.6-1.amzn2023.0.1
fixed
golang-misc
Amazon Linux 2
0:1.24.6-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.24.6-1.amzn2023.0.1
fixed
golang-shared
Amazon Linux 2
0:1.24.6-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.24.6-1.amzn2023.0.1
fixed
golang-src
Amazon Linux 2
0:1.24.6-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.24.6-1.amzn2023.0.1
fixed
golang-tests
Amazon Linux 2
0:1.24.6-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.24.6-1.amzn2023.0.1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
golang
Azure Linux 3.0
0:0.0.0.azl3
fixed
CBL-Mariner 2.0
0:1.18.0.cm2
fixed