Lucene search

K
githubGitHub Advisory DatabaseGHSA-7V4P-328V-8V5G
HistoryOct 17, 2023 - 2:37 a.m.

Traefik vulnerable to HTTP/2 request causing denial of service

2023-10-1702:37:42
CWE-400
GitHub Advisory Database
github.com
150
traefik
http/2
denial of service
vulnerability
cve-2023-39325
cve-2023-44487
patches
software

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.813

Percentile

98.4%

Impact

A vulnerability CVE-2023-39325 exists in Go managing HTTP/2 requests, which impacts Traefik. This vulnerability could be exploited to cause a denial of service.

References

Patches

Affected configurations

Vulners
Node
traefikgithub.com\/traefik\/traefikRange<3.0.0-beta4
OR
traefikgithub.com\/traefik\/traefikRange<2.10.5

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.813

Percentile

98.4%