PT-2021-6597 · Pypi+1 · Go-Proxyproto+1

Tecnobrat

Published

2021-01-27

Updated

2022-07-01

CVE-2021-23409

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions github.com/pires/go-proxyproto versions prior to 0.6.0

Description The vulnerability in the github.com/pires/go-proxyproto library is related to the lack of a timeout when waiting for the proxy protocol header. This allows a remote attacker to cause a denial of service by creating connections without the proxy protocol header, leading to resource exhaustion. The issue can be exploited by opening many connections and sending no data on them.

Recommendations For versions prior to 0.6.0, update to version 0.6.0 or later to resolve the issue. Additionally, consider configuring a user-defined header timeout to prevent similar issues in the future. As a temporary workaround, consider restricting access to the PROXY protocol server to minimize the risk of exploitation.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

BDU:2022-01863

CVE-2021-23409

GHSA-XCF7-Q56X-78GH

GO-2022-0233

SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439

Affected Products

Debian

Go-Proxyproto

PT-2021-6597 · Pypi+1 · Go-Proxyproto+1

CVE-2021-23409

Weakness Enumeration

Related Identifiers

Affected Products

References · 24