PT-2023-22086 · Traefik+2 · Traefik+2

Nmengin

Published

2023-04-07

Updated

2024-06-24

CVE-2023-29013

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.9.10 Traefik versions prior to 2.10.0-rc2

Description There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service.

Recommendations For versions prior to 2.9.10, update to version 2.9.10 or later to resolve the issue. For versions prior to 2.10.0-rc2, update to version 2.10.0-rc2 or later to resolve the issue.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALT-PU-2023-1587

ALT-PU-2023-1635

ALT-PU-2023-7095

CVE-2023-29013

ECHO-F5D5-6383-3505

GHSA-7HJ9-RV74-5G92

OPENSUSE-SU-2024:13007-1

OPENSUSE-SU-2024:14076-1

Affected Products

Alt Linux

Traefik

PT-2023-22086 · Traefik+2 · Traefik+2

CVE-2023-29013

Weakness Enumeration

Related Identifiers

Affected Products

References · 31