PT-2023-22086 · Traefik+2 · Traefik+2

Nmengin

Publicado

2023-04-07

Atualizado

2024-06-24

CVE-2023-29013

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.9.10 Traefik versions prior to 2.10.0-rc2

Description There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service.

Recommendations For versions prior to 2.9.10, update to version 2.9.10 or later to resolve the issue. For versions prior to 2.10.0-rc2, update to version 2.10.0-rc2 or later to resolve the issue.

Exploit

Correção

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

ALT-PU-2023-1587

ALT-PU-2023-1635

ALT-PU-2023-7095

CVE-2023-29013

ECHO-F5D5-6383-3505

GHSA-7HJ9-RV74-5G92

OPENSUSE-SU-2024:13007-1

OPENSUSE-SU-2024:14076-1

Produtos afetados

Alt Linux

Traefik

PT-2023-22086 · Traefik+2 · Traefik+2

CVE-2023-29013

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 31