Bug 2224245 (CVE-2023-37788) - CVE-2023-37788 goproxy: Denial of service (DoS) via unspecified vectors.
Summary: CVE-2023-37788 goproxy: Denial of service (DoS) via unspecified vectors.
Keywords:
Status: NEW
Alias: CVE-2023-37788
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2224299 2224301 2224302 2224303 2224304 2224305 2224306 2224307 2224308 2224316 2224317 2224322 2225359 2224298 2224300 2224314 2224315
Blocks: 2220974
TreeView+ depends on / blocked
 
Reported: 2023-07-20 09:05 UTC by Vipul Nair
Modified: 2023-08-17 12:35 UTC (History)
64 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in goproxy, which is vulnerable to a denial of service caused by improper input validation. This flaw allows a remote attacker can cause the goproxy server to crash by sending a specially crafted HTTP request to the HTTPS page, replacing the path "/" with an asterisk "*".
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Vipul Nair 2023-07-20 09:05:23 UTC 
goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.

https://github.com/elazarl/goproxy/issues/502
https://github.com/elazarl/goproxy
Comment 16 Avinash Hanwate 2023-07-25 04:43:22 UTC 
Created origin tracking bugs for this issue:

Affects: fedora-all [bug 2225359]
Note You need to log in before you can comment on or make changes to this bug.