The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Go-proxyproto | Go-proxyproto_project | * | 0.6.0 (excluding) |
| Golang-github-pires-go-proxyproto | Ubuntu | esm-apps/jammy | * |
| Golang-github-pires-go-proxyproto | Ubuntu | hirsute | * |
| Golang-github-pires-go-proxyproto | Ubuntu | impish | * |
| Golang-github-pires-go-proxyproto | Ubuntu | jammy | * |
| Golang-github-pires-go-proxyproto | Ubuntu | kinetic | * |
| Golang-github-pires-go-proxyproto | Ubuntu | lunar | * |
| Golang-github-pires-go-proxyproto | Ubuntu | mantic | * |
| Golang-github-pires-go-proxyproto | Ubuntu | trusty | * |
| Golang-github-pires-go-proxyproto | Ubuntu | upstream | * |
| Golang-github-pires-go-proxyproto | Ubuntu | xenial | * |
References
- https://github.com/pires/go-proxyproto/issues/65
- https://github.com/pires/go-proxyproto/pull/74
- https://github.com/pires/go-proxyproto/pull/74/commits/cdc63867da24fc609b727231f682670d0d1cd346
- https://github.com/pires/go-proxyproto/releases/tag/v0.6.0
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439
- https://github.com/pires/go-proxyproto/issues/65
- https://github.com/pires/go-proxyproto/pull/74
- https://github.com/pires/go-proxyproto/pull/74/commits/cdc63867da24fc609b727231f682670d0d1cd346
- https://github.com/pires/go-proxyproto/releases/tag/v0.6.0
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439