CVE-2023-29013

Опубликовано: 14 апр. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.

Ссылки

https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49
Patch
https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2
Release Notes
https://github.com/traefik/traefik/releases/tag/v2.9.10
Release Notes
https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230517-0008/
Third Party Advisory
https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49
Patch
https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2
Release Notes
https://github.com/traefik/traefik/releases/tag/v2.9.10
Release Notes
https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230517-0008/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*

Версия до 2.9.10 (исключая)

cpe:2.3:a:traefik:traefik:2.10.0:rc1:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.0369

Низкий

7.5 High

CVSS3

Дефекты

CWE-400

Связанные уязвимости

CVE-2023-29013

CVSS3: 7.5

debian

почти 3 года назад

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load b ...

GHSA-7hj9-rv74-5g92

CVSS3: 7.5

github

почти 3 года назад

Traefik HTTP header parsing could cause a denial of service

EPSS

Процентиль: 88%

0.0369

Низкий

7.5 High

CVSS3

Дефекты

CWE-400