github.com/pires/go-proxyproto is vulnerable to denial of service (DoS). The function parseVersion1 places no limit on how much data it parses: it keeps reading until it finds a newline or the target stops acknowledging, so an attacker can send a malicious PROXY protocol v1 header to cause memory exhaustion.
github.com/pires/go-proxyproto/commit/7f48261db810703d173f27f3309a808cc2b49b8b
github.com/pires/go-proxyproto/issues/69
github.com/pires/go-proxyproto/pull/71
github.com/pires/go-proxyproto/releases/tag/v0.5.0
lists.fedoraproject.org/archives/list/[email protected]/message/4BNVGJMVI3ZTZ675EFPUHPGXCKCGSX46/
lists.fedoraproject.org/archives/list/[email protected]/message/C36IBVOZXRTWM7MGTRUTOM56P5RR74VU/
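
The mitigation for this class of bug is to bound the header read. The sketch below is an added example, not the project's code or its actual patch: `readV1Header` and the error names are hypothetical, and the 107-byte limit is the maximum v1 line length (CRLF included) given in the PROXY protocol specification.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
)

// maxV1HeaderLen is the longest PROXY protocol v1 line the specification
// allows, including the trailing CRLF.
const maxV1HeaderLen = 107

var (
	errV1TooLong   = errors.New("v1 header: no CRLF within 107 bytes")
	errV1Malformed = errors.New("v1 header: malformed line")
)

// readV1Header (hypothetical name) consumes at most maxV1HeaderLen bytes and
// returns the header line without its CRLF. Its buffer never grows past that
// limit, however much data the peer sends before a newline.
func readV1Header(r *bufio.Reader) (string, error) {
	buf := make([]byte, 0, maxV1HeaderLen)
	for len(buf) < maxV1HeaderLen {
		b, err := r.ReadByte()
		if err != nil {
			return "", err
		}
		buf = append(buf, b)
		if b != '\n' {
			continue
		}
		// A complete line must end in CRLF and start with the v1 signature.
		if len(buf) < 2 || buf[len(buf)-2] != '\r' || !strings.HasPrefix(string(buf), "PROXY ") {
			return "", errV1Malformed
		}
		return string(buf[:len(buf)-2]), nil
	}
	return "", errV1TooLong // limit reached: reject instead of buffering more
}

func main() {
	// Constructed inputs: a valid header followed by payload, and a 1 MiB
	// line that never contains a newline.
	good := bufio.NewReader(strings.NewReader("PROXY TCP4 192.0.2.1 192.0.2.2 51000 443\r\nGET / HTTP/1.1\r\n"))
	bad := bufio.NewReader(strings.NewReader("PROXY " + strings.Repeat("A", 1<<20)))
	fmt.Println(readV1Header(good))
	fmt.Println(readV1Header(bad))
}
```

On the oversized input the caller gets `errV1TooLong` after 107 bytes and can close the connection; pairing this with a read deadline on the connection also covers a peer that sends a short prefix and then stalls.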