Vulnerability Description
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Traefik | Traefik | < 2.9.10 |
Related Weaknesses (CWE)
References
- https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08cPatch
- https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2Release Notes
- https://github.com/traefik/traefik/releases/tag/v2.9.10Release Notes
- https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92Vendor Advisory
- https://security.netapp.com/advisory/ntap-20230517-0008/Third Party Advisory
- https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08cPatch
- https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2Release Notes
- https://github.com/traefik/traefik/releases/tag/v2.9.10Release Notes
- https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92Vendor Advisory
- https://security.netapp.com/advisory/ntap-20230517-0008/Third Party Advisory
FAQ
What is CVE-2023-29013?
CVE-2023-29013 is a vulnerability with a CVSS score of 7.5 (HIGH). Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP hea...
How severe is CVE-2023-29013?
CVE-2023-29013 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-29013?
Check the references section above for vendor advisories and patch information. Affected products include: Traefik Traefik.