CVE-2019-14243

headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service (webserver panic and daemon crash) via a crafted HAProxy PROXY v2 request with truncated source/destination address data.

Date published : 2019-07-23

https://caddy.community/t/dos-in-http-proxyprotocol-plugin/6014

https://github.com/mastercactapus/caddy-proxyprotocol/issues/8