2 matches found
CVE-2021-23351
CVE-2021-23351 affects github.com/pires/go-proxyproto prior to 0.5.0. The DoS arises from parseVersion1() where a default bufio.Reader over a net.Conn reads until a newline with no input size limit, allowing a deliberately malformed V1 header to exhaust memory on a server processing proxy protoco...
CVE-2021-23409
CVE-2021-23409 affects the Go package github.com/pires/go-proxyproto, specifically versions before 0.6.0. The vulnerability enables Denial of Service by allowing connections without the proxy protocol header to be established, leading to resource exhaustion. Public advisories confirm this issue a...