CVE-2023-29013

Summary

CVE	CVE-2023-29013
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-04-14 19:15:00 UTC
Updated	2023-05-26 15:01:00 UTC
Description	Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.

Risk And Classification

Problem Types: CWE-400

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Golang	Go	1.20.2	All	All	All
Application	Traefik	Traefik	All	All	All	All
Application	Traefik	Traefik	2.10.0	rc1	All	All

References

Reference	Source	Link	Tags
Prepare release v2.9.10 · traefik/traefik@4ed3964 · GitHub	MISC	github.com
Release v2.9.10 · traefik/traefik · GitHub	MISC	github.com
CVE-2023-29013 Golang Vulnerability in NetApp Products \| NetApp Product Security	MISC	security.netapp.com
Release v2.10.0-rc2 · traefik/traefik · GitHub	MISC	github.com
HTTP header parsing could cause a deny of service · Advisory · traefik/traefik · GitHub	MISC	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

503271 Alpine Linux Security Update for traefik
506263 Alpine Linux Security Update for traefik
691126 Free Berkeley Software Distribution (FreeBSD) Security Update for traefik (02e51cb3-d7e4-11ed-9f7a-5404a68ad561)