CVE-2023-29013: Traefik HTTP header parsing could cause a denial of service
A vulnerability in Go's HTTP header parsing impacts Traefik. Header parsing could allocate substantially more memory than required to hold the parsed headers, and this behavior could be exploited to cause a denial of service.
References
- github.com/advisories/GHSA-7hj9-rv74-5g92
- github.com/advisories/GHSA-8v5j-pwr7-w5f8
- github.com/traefik/traefik
- github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49
- github.com/traefik/traefik/releases/tag/v2.10.0-rc2
- github.com/traefik/traefik/releases/tag/v2.9.10
- github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92
- groups.google.com/g/golang-announce/c/Xdv6JL9ENs8/m/OV40vnafAwAJ
- nvd.nist.gov/vuln/detail/CVE-2023-29013
- security.netapp.com/advisory/ntap-20230517-0008
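A version check for deployed Traefik builds, added here as an example and not taken from the advisory or from the Traefik project. It assumes the two release tags in the references, v2.9.10 and v2.10.0-rc2, are the first fixed releases and that every older version is affected; `parse` and `Affected` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"strings"
)

// parse splits a version such as "v2.10.0-rc1" into [2 10 0] and "rc1".
func parse(v string) ([3]int, string, error) {
	var n [3]int
	core, pre, _ := strings.Cut(strings.TrimPrefix(strings.TrimSpace(v), "v"), "-")
	if _, err := fmt.Sscanf(core, "%d.%d.%d", &n[0], &n[1], &n[2]); err != nil {
		return n, "", fmt.Errorf("not a semantic version: %q", v)
	}
	return n, pre, nil
}

// Affected reports whether a Traefik version predates the fixed releases.
// Assumption: v2.9.10 and v2.10.0-rc2 (the tags in the references) carry the fix.
func Affected(v string) (bool, error) {
	n, pre, err := parse(v)
	if err != nil {
		return false, err
	}
	if n == [3]int{2, 10, 0} && pre != "" {
		// Pre-releases of 2.10.0: only those before rc2 lack the fix.
		return pre < "rc2", nil
	}
	fixed := [3]int{2, 9, 10}
	for i := range n {
		if n[i] != fixed[i] {
			return n[i] < fixed[i], nil
		}
	}
	return false, nil // exactly 2.9.10
}

func main() {
	// Constructed sample inputs, e.g. as read from `traefik version` or go.mod.
	for _, v := range []string{"v2.9.9", "v2.9.10", "2.10.0-rc1", "v2.10.0-rc2", "v2.10.1"} {
		a, err := Affected(v)
		fmt.Println(v, a, err)
	}
}
```

Unparseable tags such as `latest` return an error instead of a verdict, so an image pinned to a floating tag has to be resolved to a concrete version before it can be cleared.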