CVE-2019-14243

Name of the Vulnerable Software and Affected Versions mastercactapus proxyprotocol versions prior to 0.0.2 mastercactapus caddy-proxyprotocol plugin versions prior to 0.0.2 for Caddy

Description The issue allows remote attackers to cause a denial of service, resulting in a webserver panic and daemon crash. This can be achieved by sending a crafted HAProxy PROXY v2 request with truncated source/destination address data. The problem occurs when handling invalid HAProxy PROXY v2 requests.

Recommendations For mastercactapus proxyprotocol versions prior to 0.0.2, update to version 0.0.2 or later to resolve the issue. For mastercactapus caddy-proxyprotocol plugin versions prior to 0.0.2 for Caddy, update to version 0.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the github.com/mastercactapus/proxyprotocol module to minimize the risk of exploitation.