ALT-PU-2025-10187-2

Package update golang in branch sisyphus

Version1.24.6-alt1

Published2026-02-04

Max severityHIGH

Severity:

Closed issues (4)

HIGH7.0

Уязвимость языка программирования Go, связанная с ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-09-08Modified: 2026-03-20

CVSS 3.xHIGH 7.0

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

CVSS 2.0MEDIUM 6.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:P/A:P

References

CVE-2025-47907

MEDIUM6.5

Уязвимость языка программирования Go, связанная с неправильной проверкой входных данных, позволяющая нарушителю повысить свои привилегии

Published: 2025-09-24Modified: 2026-02-17

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:P

References

CVE-2025-47906

MEDIUM6.5

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

Published: 2025-09-18Modified: 2026-01-27

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

References

HIGH7.0

Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.

Published: 2025-08-07Modified: 2026-01-29

CVSS 3.xHIGH 7.0

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

References