Lucene search
Veracode Vulnerability DatabaseVERACODE:29597HistoryMar 09, 2021 - 2:55 a.m.
Denial Of Service(DoS)
2021-03-0902:55:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
github.com/pires/go-proxyproto
vulnerability
parseversion1
denial of service
memory exhaustion
EPSS
0.002
Percentile
51.7%
github.com/pires/go-proxyproto is vulnerable to denial of service (DoS). The vulnerability exists as the function parseVersion1 does not restrict parsing of data until it founds a newline or target stops acknowledging, allowing an attacker to send malicious proxy protocol V1 header to cause a memory exhaustion.
References
github.com/pires/go-proxyproto/commit/7f48261db810703d173f27f3309a808cc2b49b8b
github.com/pires/go-proxyproto/issues/69
github.com/pires/go-proxyproto/pull/71
github.com/pires/go-proxyproto/releases/tag/v0.5.0
lists.fedoraproject.org/archives/list/[email protected]/message/4BNVGJMVI3ZTZ675EFPUHPGXCKCGSX46/
lists.fedoraproject.org/archives/list/[email protected]/message/C36IBVOZXRTWM7MGTRUTOM56P5RR74VU/
Related
osv
osv
CVE-2021-23351
2021-03-08 05:15:12
github.com/pires/go-proxyproto denial of service vulnerability
2021-05-18 21:07:43
ubuntucve
ubuntucve
CVE-2021-23351
2021-03-08 00:00:00
openvas
openvas
fedora
fedora
[SECURITY] Fedora 34 Update: golang-github-pires-proxyproto-0.5.0-1.fc34
2021-03-19 20:31:02
[SECURITY] Fedora 33 Update: golang-github-pires-proxyproto-0.5.0-1.fc33
2021-03-17 02:18:44
cvelist
cvelist
CVE-2021-23351 Denial of Service (DoS)
2021-03-08 04:45:23
cve
cve
CVE-2021-23351
2021-03-08 05:15:12
nessus
nessus
Fedora 33 : golang-github-pires-proxyproto (2021-e01c1fe4cc)
2021-03-17 00:00:00
prion
prion
Design/Logic Flaw
2021-03-08 05:15:00
debiancve
debiancve
CVE-2021-23351
2021-03-08 05:15:12
github
github
github.com/pires/go-proxyproto denial of service vulnerability
2021-05-18 21:07:43
nvd
nvd
CVE-2021-23351
2021-03-08 05:15:12