Lucene search

K

GoogleOSV:GHSA-XCF7-Q56X-78GH

HistoryJul 26, 2021 - 9:23 p.m.

github.com/pires/go-proxyproto vulnerable to DoS via Connection descriptor exhaustion

2021-07-2621:23:49

Google

osv.dev

9

vulnerability

denial of service

github.com/pires/go-proxyproto

EPSS

0.002

Percentile

55.8%

The package github.com/pires/go-proxyproto before 0.6.1 is vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header. While this issue was patched in 0.6.0, the fix introduced additional issues which were subsequently patched in 0.6.1.

References

github.com/pires/go-proxyproto

github.com/pires/go-proxyproto/commit/2e44d7a76a851d66890ab341403253afae5caac2

github.com/pires/go-proxyproto/issues/65

github.com/pires/go-proxyproto/issues/75

github.com/pires/go-proxyproto/pull/74

github.com/pires/go-proxyproto/pull/74/commits/cdc63867da24fc609b727231f682670d0d1cd346

github.com/pires/go-proxyproto/pull/76

github.com/pires/go-proxyproto/releases/tag/v0.6.0

github.com/pires/go-proxyproto/releases/tag/v0.6.1

nvd.nist.gov/vuln/detail/CVE-2021-23409

pkg.go.dev/vuln/GO-2022-0233

snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439

EPSS

0.002

Percentile

55.8%

Related for OSV:GHSA-XCF7-Q56X-78GH

cvelist1 osv2 nvd1 github1 cve1 debiancve1 prion1 ubuntucve1