Lucene search
SnykCVELIST:CVE-2021-23351HistoryMar 08, 2021 - 12:00 a.m.
CVE-2021-23351 Denial of Service (DoS)
2021-03-0800:00:00
snyk
raw.githubusercontent.com
2
The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service (DoS) via the parseVersion1() function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in the code, a deliberately malformed V1 header could be used to exhaust memory in a server process using this code - and create a DoS. This can be exploited by sending a stream starting with PROXY and continuing to send data (which does not contain a newline) until the target stops acknowledging. The risk here is small, because only trusted sources should be allowed to send proxy protocol headers.
Related
veracode
veracode
Denial Of Service(DoS)
2021-03-09 02:55:16
osv
osv
CVE-2021-23351
2021-03-08 05:15:12
github.com/pires/go-proxyproto denial of service vulnerability
2021-05-18 21:07:43
ubuntucve
ubuntucve
CVE-2021-23351
2021-03-08 00:00:00
prion
prion
Design/Logic Flaw
2021-03-08 05:15:00
nessus
nessus
Fedora 33 : golang-github-pires-proxyproto (2021-e01c1fe4cc)
2021-03-17 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: golang-github-pires-proxyproto-0.5.0-1.fc33
2021-03-17 02:18:44
[SECURITY] Fedora 34 Update: golang-github-pires-proxyproto-0.5.0-1.fc34
2021-03-19 20:31:02
openvas
openvas
debiancve
debiancve
CVE-2021-23351
2021-03-08 05:15:00
github
github
github.com/pires/go-proxyproto denial of service vulnerability
2021-05-18 21:07:43
cve
cve
CVE-2021-23351
2021-03-08 05:15:00