GHSA-gxgj-xjcw-fv9p

Source

https://github.com/advisories/GHSA-gxgj-xjcw-fv9p

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-gxgj-xjcw-fv9p/GHSA-gxgj-xjcw-fv9p.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-gxgj-xjcw-fv9p

Aliases

CVE-2013-10005
GO-2020-0024

Published

2022-12-28T00:30:23Z

Modified

2023-11-08T03:57:13.970387Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

socks Infinite Loop vulnerability

Details

The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow.

Database specific

{
    "nvd_published_at": "2022-12-27T22:15:00Z",
    "github_reviewed_at": "2023-01-09T21:48:38Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-835"
    ]
}

References

Affected packages

Go / github.com/btcsuite/go-socks

Package

Name: github.com/btcsuite/go-socks; View open source insights on deps.dev
Purl: pkg:golang/github.com/btcsuite/go-socks

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.0-20130808000456-233bccbb1abe

Go / github.com/btcsuitereleases/go-socks

Package

Name: github.com/btcsuitereleases/go-socks; View open source insights on deps.dev
Purl: pkg:golang/github.com/btcsuitereleases/go-socks

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.0-20130808000456-233bccbb1abe