GHSA-xcf7-q56x-78gh
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xcf7-q56x-78gh
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/07/GHSA-xcf7-q56x-78gh/GHSA-xcf7-q56x-78gh.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-xcf7-q56x-78gh
- Aliases
- Published
- 2021-07-26T21:23:49Z
- Modified
- 2025-01-08T07:57:15.473535Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- github.com/pires/go-proxyproto vulnerable to DoS via Connection descriptor exhaustion
- Details
-
The package
github.com/pires/go-proxyprotobefore 0.6.1 is vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header. While this issue was patched in 0.6.0, the fix introduced additional issues which were subsequently patched in 0.6.1. - Database specific
{ "cwe_ids": [ "CWE-400" ], "nvd_published_at": "2021-07-21T07:15:00Z", "github_reviewed_at": "2021-07-26T17:31:53Z", "github_reviewed": true, "severity": "HIGH" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-23409
- https://github.com/pires/go-proxyproto/issues/65
- https://github.com/pires/go-proxyproto/issues/75
- https://github.com/pires/go-proxyproto/pull/74
- https://github.com/pires/go-proxyproto/pull/74/commits/cdc63867da24fc609b727231f682670d0d1cd346
- https://github.com/pires/go-proxyproto/pull/76
- https://github.com/pires/go-proxyproto/commit/2e44d7a76a851d66890ab341403253afae5caac2
- https://github.com/pires/go-proxyproto
- https://github.com/pires/go-proxyproto/releases/tag/v0.6.0
- https://github.com/pires/go-proxyproto/releases/tag/v0.6.1
- https://pkg.go.dev/vuln/GO-2022-0233
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439
Affected packages
Go / github.com/pires/go-proxyproto
Package
- Name
- github.com/pires/go-proxyproto
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/pires/go-proxyproto