CVE-2023-29013

EPSS 3.26%
Published 14.04.2023 19:15:09
Last modified 13.02.2025 17:16:17
Source security-advisories@github.com
Teams watchlist Login
Open Login

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Traefik ≫ Traefik Version < 2.9.10

Traefik ≫ Traefik Version2.10.0 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.26%	0.866

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49

Patch

https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2

Release Notes

https://github.com/traefik/traefik/releases/tag/v2.9.10

Release Notes

https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92

Vendor Advisory

https://security.netapp.com/advisory/ntap-20230517-0008/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-29013

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-29013

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-29013

EUVD