Traefik vulnerable to HTTP/2 request causing denial of service

Impact

A vulnerability CVE-2023-39325 exists in Go managing HTTP/2 requests, which impacts Traefik. This vulnerability could be exploited to cause a denial of service.

References

CVE-2023-44487
CVE-2023-39325

Patches

https://github.com/traefik/traefik/releases/tag/v2.10.5
https://github.com/traefik/traefik/releases/tag/v3.0.0-beta4

Published: Oct 17, 2023
Updated: Oct 17, 2023
GHSA: GHSA-7v4p-328v-8v5g
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
github.com/traefik/traefik	-	2.10.5
github.com/traefik/traefik	3.0.0-beta1	3.0.0-beta4

https://github.com/traefik/traefik/security/advisories/GHSA-7v4p-328v-8v5g
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ?pli=1

Vulnerability Database

289,599

Traefik vulnerable to HTTP/2 request causing denial of service

Impact

References

Patches