Traefik HTTP/2 Denial-of-Service Vulnerability

0
61

Traefik HTTP/2 Denial-of-Service Vulnerability

Traefik HTTP/2 Denial-of-Service Vulnerability

Summary

This article provides a detailed technical explanation of the CVE-2023-54365 vulnerability in Traefik, which affects versions 2.10.5 and 3.0.0-beta4. The vulnerability allows remote attackers to rapidly create and cancel HTTP/2 streams, exhausting server resources and causing service unavailability.

What the vulnerability/exploit is about

Traefik before version 2.10.5 and 3.0.0-beta4 contains a denial-of-service vulnerability in its HTTP/2 request handling mechanism. This vulnerability arises from the Go standard library's implementation of HTTP/2, which can be exploited by attackers to rapidly create and cancel HTTP/2 streams.

Technical explanation for defenders

The vulnerability stems from how Traefik handles HTTP/2 requests. When a large number of HTTP/2 streams are created and then canceled rapidly, it exhausts server resources, leading to service unavailability. The Go standard library does not properly handle the cancellation of HTTP/2 streams, allowing attackers to create a large number of streams and then cancel them, causing the server to become unresponsive.

Buscar
Categorías
Leer más
Ciberseguridad
Titel (i dansk)
Titel (i dansk)Sammendrag (i dansk)CVE-2026-4983 er en sikkerhedsvilkårlighedsfejl, der kan lede...
Por Mario Serrano 2026-06-30 18:15:54 0 332
Ciberseguridad
Titre (en français)
Titre (en fran├ºais)R├®sum├® (en fran├ºais)Le vuln├®rabilit├® CVE-2026-12866 concerne le package...
Por Mario Serrano 2026-06-30 05:08:21 0 16
Ciberseguridad
ðùð░ð│ð¥ð╗ð¥ð▓ð¥ð║ ÐüÐéð░ÐéÐîð© (ð▓ ÐÇÐâÐüÐüð║ð¥ð╝)
ðùð░ð│ð¥ð╗ð¥ð▓ð¥ð║ ÐüÐéð░ÐéÐîð© (ð▓ ÐÇÐâÐüÐüð║ð¥ð╝)ðíð▓ð¥ð┤ð║ð░ (ð▓ ÐÇÐâÐüÐüð║ð¥ð╝)ðºÐéð¥...
Por Mario Serrano 2026-06-30 06:29:21 0 50
Otro
ðùð░ð│ð¥ð╗ð¥ð▓ð¥ð║ (ð▓ ÐÇÐâÐüÐüð║ð¥ð╝)
ðùð░ð│ð¥ð╗ð¥ð▓ð¥ð║ (ð▓ ÐÇÐâÐüÐüð║ð¥ð╝)ðíð▓ð¥ð┤ð║ð░ (ð▓ ÐÇÐâÐüÐüð║ð¥ð╝)ðºÐéð¥...
Por Mario Serrano 2026-06-30 06:29:27 0 29
Otro
TITLU: Vulnerabilitate CVE-2026-12866 - Detali CVSS, EPSS și Kev | CVE Find (Romaian)
TITLU: Vulnerabilitate CVE-2026-12866 - Detali CVSS, EPSS și Kev | CVE FindSUMAR...
Por Mario Serrano 2026-06-30 06:40:29 0 55