PT-2022-24859 · Traefik+1 · Traefik+1

Nmengin

Published

2022-10-10

Updated

2023-07-14

CVE-2022-39271

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.8.8 Traefik versions prior to 2.9.0-rc5

Description There is a potential issue in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service.

Recommendations For versions prior to 2.8.8, update to version 2.8.8 or later. For versions prior to 2.9.0-rc5, update to version 2.9.0-rc5 or later. As a temporary workaround, consider restricting the use of HTTP/2 connections until a patch is applied.

Exploit

Fix

DoS

Improper Handling of Exceptional Conditions

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-755CWE-400

Related Identifiers

ALT-PU-2022-2918

ALT-PU-2022-2952

CVE-2022-39271

ECHO-A0FE-769B-5C5B

GHSA-C6HX-PJC3-7FQR

Affected Products

Alt Linux

Traefik

PT-2022-24859 · Traefik+1 · Traefik+1

CVE-2022-39271

Weakness Enumeration

Related Identifiers

Affected Products

References · 9