CVE-2024-35175: sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address.
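The general defence against this class of bug is to parse a PROXY header only when the feature is explicitly enabled and the TCP peer is a known proxy. The Go sketch below is an added example, not sshpiper's code or its fix. `SourceAddr`, the `enabled` switch, the `trusted` allowlist and all addresses are assumptions made for illustration, and only PROXY protocol v1 is handled.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"net"
	"strings"
)

// SourceAddr decides which client address to record for a new connection.
// enabled and trusted are hypothetical operator settings, not sshpiper options.
func SourceAddr(peer net.IP, r *bufio.Reader, enabled bool, trusted []*net.IPNet) (net.IP, error) {
	fromProxy := false
	for _, n := range trusted {
		fromProxy = fromProxy || n.Contains(peer)
	}
	if !enabled || !fromProxy {
		return peer, nil // header is never parsed; the TCP peer is the source
	}
	var line []byte // a v1 header is at most 107 bytes including CRLF
	for len(line) < 107 {
		b, err := r.ReadByte()
		if err != nil {
			return nil, err
		}
		line = append(line, b)
		if b == '\n' {
			break
		}
	}
	f := strings.Fields(string(line))
	if !strings.HasSuffix(string(line), "\r\n") || len(f) != 6 || f[0] != "PROXY" ||
		(f[1] != "TCP4" && f[1] != "TCP6") {
		return nil, errors.New("malformed PROXY v1 header from trusted proxy")
	}
	src := net.ParseIP(f[2])
	if src == nil {
		return nil, errors.New("invalid source address in PROXY header")
	}
	return src, nil
}

func main() {
	_, lb, _ := net.ParseCIDR("10.0.0.0/24")                               // constructed load balancer subnet
	hdr := "PROXY TCP4 192.0.2.55 10.0.0.9 40000 22\r\nSSH-2.0-client\r\n" // constructed input
	for _, peer := range []string{"10.0.0.5", "198.51.100.20"} {
		ip, err := SourceAddr(net.ParseIP(peer), bufio.NewReader(strings.NewReader(hdr)), true, []*net.IPNet{lb})
		fmt.Println(peer, "->", ip, err)
	}
}
```

For a peer outside the allowlist the header bytes stay in the stream, so they reach the SSH handshake as invalid data instead of being honoured as an address.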
References
- github.com/advisories/GHSA-4w53-6jvp-gg52
- github.com/tg123/sshpiper
- github.com/tg123/sshpiper/commit/2ddd69876a1e1119059debc59fe869cb4e754430
- github.com/tg123/sshpiper/commit/70fb830dca26bea7ced772ce5d834a3e88ae7f53
- github.com/tg123/sshpiper/security/advisories/GHSA-4w53-6jvp-gg52
- nvd.nist.gov/vuln/detail/CVE-2024-35175