CVE-2025-1386

ADVISORY - github

Summary

Impact

When using the ch-go library, under a specific condition in which the query includes large, uncompressed, malicious external data, an attacker in control of that data can smuggle another query packet into the connection stream.

Patches

If you are using the ch-go library, we recommend updating to at least version 0.65.0.
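
One way to check a project against the patched version named above, as an added example that is not part of the advisory or the ch-go project. The module path `github.com/ClickHouse/ch-go`, the function name `CheckGoMod` and the sample go.mod are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Assumption: ch-go's module path; the advisory only names the library.
const chGoModule = "github.com/ClickHouse/ch-go"

// First patched release named in the advisory: 0.65.0.
var fixed = [3]int{0, 65, 0}

// CheckGoMod scans go.mod text for a ch-go requirement and reports the
// required version and whether it predates the fix.
func CheckGoMod(gomod string) (version string, vulnerable, found bool) {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 || f[0] != chGoModule || !strings.HasPrefix(f[1], "v") {
			continue // not a ch-go require line (also skips replace targets)
		}
		core, pre := f[1][1:], false
		if i := strings.IndexAny(core, "-+"); i >= 0 {
			pre, core = core[i] == '-', core[:i] // pre-release or pseudo-version
		}
		parts := strings.Split(core, ".")
		if len(parts) != 3 {
			return f[1], true, true // unparseable: flag for manual review
		}
		for i, p := range parts {
			n, err := strconv.Atoi(p)
			if err != nil {
				return f[1], true, true
			}
			if n != fixed[i] {
				return f[1], n < fixed[i], true
			}
		}
		return f[1], pre, true // 0.65.0-rc sorts before 0.65.0
	}
	return "", false, false
}

func main() {
	// Constructed sample go.mod, not taken from a real project.
	sample := "module example.com/app\n\ngo 1.22\n\nrequire (\n\tgithub.com/ClickHouse/ch-go v0.64.1 // indirect\n)\n"
	v, vuln, found := CheckGoMod(sample)
	fmt.Printf("found=%v version=%s vulnerable=%v\n", found, v, vuln)
}
```

This reads only the version written in go.mod; `go list -m github.com/ClickHouse/ch-go` reports the version the build actually resolves, including any `replace` directive.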

Credit

This issue was found by lixts and reported through our Bugcrowd program.

EPSS Score: 0.00068 (0.207)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

ADVISORY - github

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

