CVE-2026-47071

SOCKS5 TLS upgrade ignores caller timeout in hackney

Previous Page: « Back to all CVEs Next Page: See on OSV.dev »

Weakness Type (CWE)

CWE-400 — CWE-400 Uncontrolled Resource Consumption

CAPEC

• CAPEC-130 — CAPEC-130 Excessive Allocation

CVSS 4.0 Score

8.2

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Vulnerability description

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding.

The SOCKS5 transport in src/hackney_socks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which defaults to an infinite timeout. The Timeout value is in scope at the call site but is not forwarded. A hostile SOCKS5 proxy that completes the SOCKS5 handshake normally and then goes silent (or sends a partial TLS ServerHello and stalls) will cause the connecting process to block indefinitely, regardless of the connect_timeout or recv_timeout options supplied by the caller.

This issue affects hackney: from 0.10.0 before 4.0.1.

Affected

pkg:hex/hackney

Module	Source File	Routine
hackney_socks5	src/hackney_socks5.erl	hackney_socks5:connect/4

Status	Type	Version	Changes / Fixed in
affected	semver ⓘ	0.10.0	< 4.0.1

pkg:github/benoitc/hackney

Module	Source File	Routine
hackney_socks5	src/hackney_socks5.erl	hackney_socks5:connect/4

Status	Type	Version	Changes / Fixed in
affected	git ⓘ	34cdbd1d20	< 5ccdab725c

References

• https://github.com/benoitc/hackney/security/advisories/GHSA-gp9c-pm5m-5cxr vendor-advisory related
• https://osv.dev/vulnerability/EEF-CVE-2026-47071 related
• https://github.com/benoitc/hackney/commit/5ccdab725c561a6f03d05a51f2d0664f98236dae patch

Credits

• Finder: Peter Ullrich
• Remediation developer: Benoit Chesneau
• Analyst: Jonatan Männchen

CVE record as JSON:  GET /cves/CVE-2026-47071.json
OSV record as JSON:  GET /osv/EEF-CVE-2026-47071.json