CVE-2023-29013

Name
CVE-2023-29013
Description
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.
NVD Severity
medium

References

| Type | URI |
| --- | --- |
| MISC | https://github.com/traefik/traefik/releases/tag/v2.9.10 |
| MISC | https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49 |
| MISC | https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92 |
| MISC | https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2 |
| MISC | https://security.netapp.com/advisory/ntap-20230517-0008/ |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:golang:go:1.20.2:*:*:*:*:*:*:* | go | == None | == 1.20.2 |
| cpe:2.3:a:traefik:traefik:2.10.0:rc1:*:*:*:*:*:* | traefik | == None | == 2.10.0 |
| cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* | traefik | >= None | < 2.9.10 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| traefik | 3.17-community | 2.9.4-r5 | Francesco Colista <fcolista@alpinelinux.org> | possibly vulnerable |