Denial of Service in Caddy Proxy Protocol Plugin by MasterCactapus
CVE-2019-14243

7.5HIGH

Key Information:

Vendor

Haproxy

Status
Proxyprotocol
Vendor
CVE Published:
23 July 2019

What is CVE-2019-14243?

The mastercactapus proxyprotocol prior to version 0.0.2, as utilized by the mastercactapus caddy-proxyprotocol plugin, is vulnerable to a Denial of Service attack. Attackers can exploit this flaw by sending a specially crafted HAProxy PROXY v2 request containing truncated source or destination address data, which results in a panic of the web server and subsequent crash of the daemon.

References

https://caddy.community/t/dos-in-http-proxyprotocol-plugi...
x_refsource_MISC
https://github.com/mastercactapus/proxyprotocol/issues/1
x_refsource_MISC
https://github.com/mastercactapus/caddy-proxyprotocol/iss...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.