{"api_version":"1","generated_at":"2026-04-22T21:27:09+00:00","cve":"CVE-2023-29013","urls":{"html":"https://cve.report/CVE-2023-29013","api":"https://cve.report/api/cve/CVE-2023-29013.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-29013","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-29013"},"summary":{"title":"CVE-2023-29013","description":"Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2023-04-14 19:15:00","updated_at":"2023-05-26 15:01:00"},"problem_types":["CWE-400"],"metrics":[],"references":[{"url":"https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49","name":"https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49","refsource":"MISC","tags":[],"title":"Prepare release v2.9.10 · traefik/traefik@4ed3964 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/traefik/traefik/releases/tag/v2.9.10","name":"https://github.com/traefik/traefik/releases/tag/v2.9.10","refsource":"MISC","tags":[],"title":"Release v2.9.10 · traefik/traefik · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20230517-0008/","name":"https://security.netapp.com/advisory/ntap-20230517-0008/","refsource":"MISC","tags":[],"title":"CVE-2023-29013 Golang Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2","name":"https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2","refsource":"MISC","tags":[],"title":"Release v2.10.0-rc2 · traefik/traefik · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92","name":"https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92","refsource":"MISC","tags":[],"title":"HTTP header parsing could cause a deny of service  · Advisory · traefik/traefik · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-29013","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29013","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"29013","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"golang","cpe5":"go","cpe6":"1.20.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"29013","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"traefik","cpe5":"traefik","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"29013","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"traefik","cpe5":"traefik","cpe6":"2.10.0","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-29013","qid":"503271","title":"Alpine Linux Security Update for traefik"},{"cve":"CVE-2023-29013","qid":"506263","title":"Alpine Linux Security Update for traefik"},{"cve":"CVE-2023-29013","qid":"691126","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for traefik (02e51cb3-d7e4-11ed-9f7a-5404a68ad561)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-29013","ASSIGNER":"security-advisories@github.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-400: Uncontrolled Resource Consumption","cweId":"CWE-400"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"traefik","product":{"product_data":[{"product_name":"traefik","version":{"version_data":[{"version_affected":"=","version_value":"< 2.9.10"},{"version_affected":"=","version_value":"= 2.10.0-rc1"}]}}]}}]}},"references":{"reference_data":[{"url":"https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92","refsource":"MISC","name":"https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92"},{"url":"https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49","refsource":"MISC","name":"https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49"},{"url":"https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2","refsource":"MISC","name":"https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2"},{"url":"https://github.com/traefik/traefik/releases/tag/v2.9.10","refsource":"MISC","name":"https://github.com/traefik/traefik/releases/tag/v2.9.10"},{"url":"https://security.netapp.com/advisory/ntap-20230517-0008/","refsource":"MISC","name":"https://security.netapp.com/advisory/ntap-20230517-0008/"}]},"source":{"advisory":"GHSA-7hj9-rv74-5g92","discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-04-14 19:15:00","lastModifiedDate":"2023-05-26 15:01:00","problem_types":["CWE-400"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:traefik:traefik:2.10.0:rc1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*","versionEndExcluding":"2.9.10","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}