data/reports/GO-2020-0024.yaml

id: GO-2020-0024
modules:
    - module: github.com/btcsuite/go-socks
      versions:
        - fixed: 0.0.0-20130808000456-233bccbb1abe
      vulnerable_at: 0.0.0-20130225212758-6dca7033f514
      packages:
        - package: github.com/btcsuite/go-socks
          symbols:
            - proxiedConn.LocalAddr
            - proxiedConn.RemoteAddr
    - module: github.com/btcsuitereleases/go-socks
      versions:
        - fixed: 0.0.0-20130808000456-233bccbb1abe
      vulnerable_at: 0.0.0-20130225212758-6dca7033f514
      packages:
        - package: github.com/btcsuitereleases/go-socks
          symbols:
            - proxiedConn.LocalAddr
            - proxiedConn.RemoteAddr
summary: Infinite loop in github.com/btcsuite/go-socks
description: |-
    The RemoteAddr and LocalAddr methods on the returned net.Conn may call
    themselves, leading to an infinite loop which will crash the program due to a
    stack overflow.
published: 2021-04-14T20:04:52Z
ghsas:
    - GHSA-gxgj-xjcw-fv9p
references:
    - fix: https://github.com/btcsuite/go-socks/commit/233bccbb1abe02f05750f7ace66f5bffdb13defc
cve_metadata:
    id: CVE-2013-10005
    cwe: 'CWE 400: Uncontrolled Resource Consumption'
review_status: REVIEWED