Vulnerability CVE-2023-29013: Information

Description

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: April 14, 2023
Modified: May 26, 2023
Error type identifier: CWE-400

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| traefik | sisyphus | 2.9.10-alt1 | 2.11.3-alt1 | ALT-PU-2023-1587-1 | 318160 | Fixed |
| traefik | sisyphus_riscv64 | 2.9.10-alt1 | 2.11.3-alt1 | ALT-PU-2023-3128-1 | - | Fixed |
| traefik | p10 | 2.9.10-alt1 | 2.10.7-alt1 | ALT-PU-2023-1635-1 | 318162 | Fixed |
| traefik | c10f1 | 2.9.10-alt1 | 2.10.7-alt1 | ALT-PU-2023-1635-1 | 318162 | Fixed |
| traefik | c9f2 | 2.10.3-alt1 | 2.10.3-alt1 | ALT-PU-2023-7095-2 | 333913 | Fixed |
| traefik | p11 | 2.9.10-alt1 | 2.11.3-alt1 | ALT-PU-2023-1587-1 | 318160 | Fixed |

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:traefik:traefik:2.10.0:rc1:*:*:*:*:*:*

      cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*
      End excluding
      2.9.10