CVE-2021-23409

EUVD-2021-1500
The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
snykCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
go-proxyproto_projectgo-proxyproto
𝑥
< 0.6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
golang-github-pires-go-proxyproto
bookworm
0.4.2-3
fixed
bullseye
no-dsa
sid
0.7.0-1
fixed
trixie
0.7.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang-github-pires-go-proxyproto
bionic
dne
focal
dne
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
dne
xenial
ignored
References
https://github.com/pires/go-proxyproto/issues/65
https://github.com/pires/go-proxyproto/pull/74
https://github.com/pires/go-proxyproto/pull/74/commits/cdc63867da24fc609b727231f682670d0d1cd346
https://github.com/pires/go-proxyproto/releases/tag/v0.6.0
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439
https://github.com/pires/go-proxyproto/issues/65
https://github.com/pires/go-proxyproto/pull/74
https://github.com/pires/go-proxyproto/pull/74/commits/cdc63867da24fc609b727231f682670d0d1cd346
https://github.com/pires/go-proxyproto/releases/tag/v0.6.0
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439