Severity: 7.5 | CWE-400

CVE-2023-29013

First published: Fri Apr 14 2023

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.

Credit: security-advisories@github.com

Affected Software | Affected Version | How to fix
Traefik Traefik | <2.9.10 |
Traefik Traefik | =2.10.0-rc1 |


Frequently Asked Questions

  • What is the vulnerability ID for this Traefik vulnerability?

    The vulnerability ID for this Traefik vulnerability is CVE-2023-29013.

  • What is Traefik?

    Traefik is a modern HTTP reverse proxy and load balancer for deploying microservices.

  • What is the impact of this vulnerability?

    This vulnerability in Traefik can cause substantial memory allocation when parsing HTTP headers.

  • Which versions of Traefik are affected?

    Traefik versions up to and excluding 2.9.10 are affected, as well as version 2.10.0-rc1.

  • How can I fix this vulnerability?

    To fix this vulnerability, upgrade to Traefik version 2.10.0-rc2 or version 2.9.10.
