10 matches found
IP Address Spoofing
github.com/phires/go-guerrilla is vulnerable to IP address spoofing. The vulnerability is due to improper enforcement of the PROXY protocol due to the server accepting multiple PROXY commands, allowing clients to override the original IP address...
GO-2025-3588 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times in github.com/phires/go-guerrilla
Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times in github.com/phires/go-guerrilla...
Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times
Summary The PROXY command is accepted multiple times, allowing a client to spoof its IP address when the proxy protocol is being used. Details When ProxyOn is enabled, it looks like the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protoc...
CVE-2025-31135
Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...
CVE-2025-31135 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times
Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...
CVE-2025-31135 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times
Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...
CVE-2025-31135 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times
Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...
CVE-2025-31135
CVE-2025-31135 affects Go-Guerrilla SMTP Daemon. Before version 1.6.7, when ProxyOn is enabled, the PROXY command may be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol supports only a single initial PROXY header; subsequent PROXY commands are treated a...
Go-Guerrilla 输入验证错误漏洞
Go-Guerrilla is a lightweight SMTP server written in Go by the individual developer Philipp Resch. An input validation error vulnerability exists in Go-Guerrilla versions prior to 1.6.7, which stems from the PROXY command being accepted multiple times when ProxyOn is enabled, potentially leading ...
PT-2025-14443
Name of the Vulnerable Software and Affected Versions Go-Guerrilla SMTP Daemon versions prior to 1.6.7 Description The issue allows a client to spoof its IP address when the proxy protocol is being used. This occurs because the PROXY command is accepted multiple times, with later invocations...