26 matches found
Design/Logic Flaw
The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...
CVE-2021-23351
The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...
CVE-2021-23351 Denial of Service (DoS)
The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...
CVE-2021-23351
CVE-2021-23351 affects github.com/pires/go-proxyproto prior to 0.5.0. The DoS arises from parseVersion1() where a default bufio.Reader over a net.Conn reads until a newline with no input size limit, allowing a deliberately malformed V1 header to exhaust memory on a server processing proxy protoco...
CVE-2021-23351
The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...
Pires go-proxyproto 安全漏洞
Pires go-proxyproto is Pires an open source application . It provides a secure way to transfer connection information securely across multiple layers of NAT or TCP proxies. A security vulnerability exists in github.com/pires/go-proxyproto before 0.5.0, which stems from a restriction that was not...