GitHub Advisory Database: GHSA-F7CQ-5V43-8PWP
History: May 23, 2024 - 3:19 p.m.

Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop

2024-05-23 15:19:41
CWE-1395
GitHub Advisory Database
github.com
Tags: traefik, vulnerability, go, infinite loop, malformed dns, denial of service, cve-2024-24788, patch, release, v2.11.3, v3.0.1, advisory

CVSS3: 5.9

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.9
Confidence: High

EPSS: 0
Percentile: 10.3%

Impact

There is a vulnerability in Go's handling of malformed DNS messages, which impacts Traefik.
This vulnerability could be exploited to cause a denial of service.

References

Patches

Workarounds

No workaround.

For more information

If you have any questions or comments about this advisory, please open an issue.

Affected configurations

Vulners
Node
traefik traefik Range 1.7.34
OR
traefik traefik Range <3.0.1
OR
traefik traefik Range <2.11.3

Vendor | Product | Version | CPE
traefik | traefik | * | cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*
