{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2021-03-08T04:40:53.457117Z", "ID": "CVE-2021-23351", "STATE": "PUBLIC", "TITLE": "Denial of Service (DoS)" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "github.com/pires/go-proxyproto", "version": { "version_data": [ { "version_affected": "<", "version_value": "0.5.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service (DoS)" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1081577", "name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1081577" }, { "refsource": "MISC", "url": "https://github.com/pires/go-proxyproto/pull/71", "name": "https://github.com/pires/go-proxyproto/pull/71" }, { "refsource": "MISC", "url": "https://github.com/pires/go-proxyproto/issues/69", "name": "https://github.com/pires/go-proxyproto/issues/69" }, { "refsource": "MISC", "url": "https://github.com/pires/go-proxyproto/commit/7f48261db810703d173f27f3309a808cc2b49b8b", "name": "https://github.com/pires/go-proxyproto/commit/7f48261db810703d173f27f3309a808cc2b49b8b" }, { "refsource": "FEDORA", "name": "FEDORA-2021-e01c1fe4cc", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BNVGJMVI3ZTZ675EFPUHPGXCKCGSX46/" }, { "refsource": "FEDORA", "name": "FEDORA-2021-f5fcd9b0c1", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36IBVOZXRTWM7MGTRUTOM56P5RR74VU/" } ] }, "description": { "description_data": [ { "lang": "eng", "value": "The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service (DoS) via the parseVersion1() function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in the code, a deliberately malformed V1 header could be used to exhaust memory in a server process using this code - and create a DoS. This can be exploited by sending a stream starting with PROXY and continuing to send data (which does not contain a newline) until the target stops acknowledging. The risk here is small, because only trusted sources should be allowed to send proxy protocol headers." } ] }, "impact": { "cvss": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "baseScore": 4.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" } }, "credit": [ { "lang": "eng", "value": "Iestyn Elfick" } ] }