{"ecosystem":"go","package":"github.com/sagernet/sing-box","version":null,"bugs":[{"id":6567,"ecosystem":"go","package_name":"github.com/sagernet/sing-box","affected_version":null,"fixed_version":"1.4.5","bug_id":"osv:GHSA-r5hm-mp3j-285g","title":"sing-box vulnerable to improper authentication in the SOCKS inbound","description":"### Impact\n\nThis vulnerability allows specially crafted requests to bypass authentication, affecting all SOCKS inbounds with user authentication.\n\n### Patches\n\nUpdate to sing-box 1.4.5 or 1.5.0-rc.5 and later versions.\n\n### Workarounds\n\nDon't expose the SOCKS5 inbound to insecure environments.\n","severity":"critical","status":"fixed","source":"osv","source_url":"https://github.com/SagerNet/sing-box/security/advisories/GHSA-r5hm-mp3j-285g","labels":["CVE-2023-43644","GO-2023-2077"],"created_at":"2026-04-26 03:02:30.643005+00:00","updated_at":"2026-04-26 03:02:30.643005+00:00"}],"total":1,"_cache":"hit"}