PT-2024-26357 · Sshpiper · Sshpiper

Pgibson1-Godaddy · Published 2024-05-14 · Updated 2024-07-08 · CVE-2024-35175

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: sshpiper versions 1.0.50 through 1.2.x

Description: The way the proxy protocol listener is implemented in sshpiper allows a connecting client to forge its own source address. Any connection that sshpiper is directly or indirectly exposed to can send a proxy protocol header to set an arbitrary source address, which makes logs less reliable for whitelisting, rate limiting, or security investigations.

Recommendations: For versions 1.0.50 through 1.2.x, upgrade to version 1.3.0, which patches the issue. As a temporary workaround, consider disabling the proxy protocol listener until the upgrade can be applied. Restrict access to sshpiper to minimize the risk of exploitation, ensuring it is only reachable from trusted environments.
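The trust-boundary check the description implies, as an added Go example (not sshpiper's code and not its actual fix): a PROXY protocol v1 header is honoured only when the real TCP peer lies inside a configured proxy network, and a header from any other peer rejects the connection instead of rewriting the logged source. The function names, the 10.0.0.0/8 range and the sample addresses are assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
)

// Network allowed to set a client's source address via a PROXY header
// (constructed value for this example: one internal load-balancer range).
var trustedProxy = mustCIDR("10.0.0.0/8")

func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// EffectiveSource returns the address a proxy-protocol listener should log and
// rate-limit on. peer is the real TCP peer; r holds the bytes the client sent.
// A PROXY header is honoured only when the TCP peer is the trusted proxy; from
// any other peer it is client-controlled data and the connection is refused.
func EffectiveSource(peer net.IP, r *bufio.Reader) (net.IP, error) {
	if head, err := r.Peek(6); err != nil || string(head) != "PROXY " {
		return peer, nil // no PROXY header: the real peer address stands
	}
	if !trustedProxy.Contains(peer) {
		return nil, fmt.Errorf("PROXY header from untrusted peer %s", peer)
	}
	line, err := r.ReadString('\n')
	if err != nil {
		return nil, err
	}
	f := strings.Fields(line) // PROXY <TCP4|TCP6> <src> <dst> <sport> <dport>
	if len(f) != 6 || net.ParseIP(f[2]) == nil {
		return nil, fmt.Errorf("malformed PROXY header %q", line)
	}
	return net.ParseIP(f[2]), nil
}
```

A listener that skips the `trustedProxy.Contains(peer)` check behaves like the vulnerable versions: every client can choose the address that ends up in the logs.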

Weakness Enumeration: Insufficient Verification of Data Authenticity

Related Identifiers

CVE-2024-35175
GHSA-4W53-6JVP-GG52
GO-2024-2853

Affected Products

Sshpiper