high
7.5
CWE
400 770
Advisory Published
Advisory Published
Updated

CVE-2023-47633: Uncontrolled Resource Consumption in Traefik

First published: Mon Dec 04 2023(Updated: )

### Summary The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. ### Details While attempting to set up Traefik to handle traffic for Docker containers, I observed in the webUI a rule with the following information: `Host(traefik-service) | webwebsecure | traefik-service@docker | traefik-service` I assumed that this is something internal; however, I wondered why it would have a host rule on the web entrypoint configured. So I have send a request with that hostname with `curl -v --resolve "traefik-service:80:xxx.xxx.xxx.xxx" http://traefik-service`. That made my whole server unresponsive. I assume the name comes from a docker container with that name, traefik itself: ``` localhost ~ # docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d1414e74aec7 traefik:v2.10 "/entrypoint.sh trae…" 4 minutes ago Up 4 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 127.0.0.1:8080->8080/tcp traefik.service ``` ### PoC 1. Start traefik with `docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -p 80:80 --name foo -p 8080:8080 traefik:v2.10 --api.insecure=true --providers.docker` 2. `curl -v --resolve "foo:80:127.0.0.1" http://foo` looks like this creates an endless loop of request. Knowing the name of the docker container seems to be enough to trigger this, if the docker backend is used. ### Impact Server is unreachable and uses 100% CPU

Credit: security-advisories@github.com security-advisories@github.com

Affected SoftwareAffected VersionHow to fix
go/github.com/traefik/traefik/v3<3.0.0-beta5
3.0.0-beta5
go/github.com/traefik/traefik/v2<2.10.6
2.10.6
Traefik Traefik<=2.10.5
Traefik Traefik=3.0.0-beta1
Traefik Traefik=3.0.0-beta2
Traefik Traefik=3.0.0-beta3
Traefik Traefik=3.0.0-beta4

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2023-47633?

    CVE-2023-47633 is a vulnerability in Traefik that results in uncontrolled resource consumption when the traefik docker container serves as its own backend.

  • How severe is CVE-2023-47633?

    CVE-2023-47633 has a severity rating of 7.5 (high).

  • What is the affected software for CVE-2023-47633?

    The affected software for CVE-2023-47633 includes Traefik versions up to and including 2.10.6 and 3.0.0-beta5.

  • How can I fix CVE-2023-47633?

    To fix CVE-2023-47633, update Traefik to version 2.10.6 or 3.0.0-beta5.

  • Are there any additional resources for CVE-2023-47633?

    Yes, you can find additional information and updates for CVE-2023-47633 in the Traefik GitHub security advisories and release notes.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203