High severityNVD Advisory· Published Apr 14, 2023· Updated Feb 13, 2025
HTTP header parsing could cause a deny of service
CVE-2023-29013
Description
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/traefik/traefik/v2Go | < 2.9.10 | 2.9.10 |
github.com/traefik/traefik/v2Go | >= 2.10.0-rc1, < 2.10.0-rc2 | 2.10.0-rc2 |
Affected products
4- ghsa-coords3 versionspkg:golang/github.com/traefik/traefik/v2pkg:rpm/opensuse/traefik2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/traefik&distro=openSUSE%20Tumbleweed
< 2.9.10+ 2 more
- (no CPE)range: < 2.9.10
- (no CPE)range: < 2.11.5-1.1
- (no CPE)range: < 2.10.1-1.1
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-7hj9-rv74-5g92ghsaADVISORY
- github.com/advisories/GHSA-8v5j-pwr7-w5f8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-29013ghsaADVISORY
- github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49ghsax_refsource_MISCWEB
- github.com/traefik/traefik/releases/tag/v2.10.0-rc2ghsax_refsource_MISCWEB
- github.com/traefik/traefik/releases/tag/v2.9.10ghsax_refsource_MISCWEB
- github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92ghsax_refsource_CONFIRMWEB
- groups.google.com/g/golang-announce/c/Xdv6JL9ENs8/m/OV40vnafAwAJghsaWEB
- security.netapp.com/advisory/ntap-20230517-0008ghsaWEB
- security.netapp.com/advisory/ntap-20230517-0008/mitre
News mentions
0No linked articles in our index yet.