Lucene search
+L

26 matches found

Prion
Prion
added 2021/03/08 5:15 a.m.19 views

Design/Logic Flaw

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...

4CVSS4.9AI score0.01871EPSS
Exploits0References6Affected Software2
Debian CVE
Debian CVE
added 2021/03/08 4:45 a.m.19 views

CVE-2021-23351

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...

4.9CVSS5AI score0.01871EPSS
Exploits0
Cvelist
Cvelist
added 2021/03/08 4:45 a.m.54 views

CVE-2021-23351 Denial of Service (DoS)

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...

4.4CVSS5.3AI score0.01871EPSS
Exploits0References6
CVE
CVE
added 2021/03/08 4:45 a.m.91 views

CVE-2021-23351

CVE-2021-23351 affects github.com/pires/go-proxyproto prior to 0.5.0. The DoS arises from parseVersion1() where a default bufio.Reader over a net.Conn reads until a newline with no input size limit, allowing a deliberately malformed V1 header to exhaust memory on a server processing proxy protoco...

4.9CVSS4.6AI score0.01871EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/03/08 4:40 a.m.7 views

CVE-2021-23351

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...

4.9CVSS5.7AI score0.01871EPSS
Exploits0References9
CNNVD
CNNVD
added 2021/03/08 12:0 a.m.8 views

Pires go-proxyproto 安全漏洞

Pires go-proxyproto is Pires an open source application . It provides a secure way to transfer connection information securely across multiple layers of NAT or TCP proxies. A security vulnerability exists in github.com/pires/go-proxyproto before 0.5.0, which stems from a restriction that was not...

4.9CVSS5.3AI score0.01871EPSS
Exploits0References7
Rows per page
Query Builder