7 matches found
GO-2025-3588 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times in github.com/phires/go-guerrilla
Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times in github.com/phires/go-guerrilla...
Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times
Summary The PROXY command is accepted multiple times, allowing a client to spoof its IP address when the proxy protocol is being used. Details When ProxyOn is enabled, it looks like the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protoc...
CVE-2025-31135
Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...
CVE-2025-31135 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times
Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...
CVE-2025-31135 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times
Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...
CVE-2025-31135 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times
Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...
PT-2025-14443
Name of the Vulnerable Software and Affected Versions Go-Guerrilla SMTP Daemon versions prior to 1.6.7 Description The issue allows a client to spoof its IP address when the proxy protocol is being used. This occurs because the PROXY command is accepted multiple times, with later invocations...