CVE-2013-10005: Loop with Unreachable Exit Condition ('Infinite Loop')

December 28, 2022 (updated January 9, 2023)

The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow.

References

github.com/advisories/GHSA-gxgj-xjcw-fv9p
github.com/btcsuite/go-socks/commit/233bccbb1abe02f05750f7ace66f5bffdb13defc
nvd.nist.gov/vuln/detail/CVE-2013-10005
pkg.go.dev/vuln/GO-2020-0024

Detect and mitigate CVE-2013-10005 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →