CVE-2025-1386
ADVISORY - githubSummary
Impact
When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream.
Patches
If you are using ch-go library, we recommend you to update to at least version 0.65.0.
Credit
This issue was found by lixts and reported through our bugcrowd program.
EPSS Score: 0.00068 (0.207)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
ADVISORY - github
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
NIST
CREATED
UPDATED
ADVISORY IDCVE-2025-1386
EXPLOITABILITY SCORE
1.2
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.9mediumGitHub
CREATED
UPDATED
ADVISORY IDGHSA-m454-3xv7-qj85
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.9mediumGoLang
CREATED
UPDATED
ADVISORY IDGO-2025-3603
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-2j7r-x93g-xhrg
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-554v-v9mj-m2px
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-62c5-m232-w53j
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-9cgj-jfwg-8fqm
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-