GitHub Advisory DatabaseGHSA-XCF7-Q56X-78GHgithub.com/pires/go-proxyproto vulnerable to DoS via Connection descriptor exhaustion
0.002 Low
EPSS
Percentile
55.6%
The package github.com/pires/go-proxyproto before 0.6.1 is vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header. While this issue was patched in 0.6.0, the fix introduced additional issues which were subsequently patched in 0.6.1.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/pires/go-proxyproto | lt | 0.6.1 |
References
github.com/advisories/GHSA-xcf7-q56x-78gh
github.com/pires/go-proxyproto/commit/2e44d7a76a851d66890ab341403253afae5caac2
github.com/pires/go-proxyproto/issues/65
github.com/pires/go-proxyproto/issues/75
github.com/pires/go-proxyproto/pull/74
github.com/pires/go-proxyproto/pull/74/commits/cdc63867da24fc609b727231f682670d0d1cd346
github.com/pires/go-proxyproto/pull/76
github.com/pires/go-proxyproto/releases/tag/v0.6.0
github.com/pires/go-proxyproto/releases/tag/v0.6.1
nvd.nist.gov/vuln/detail/CVE-2021-23409
pkg.go.dev/vuln/GO-2022-0233
snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439
Related
