Traefik HTTP/2 Denial-of-Service Vulnerability

0
208

Traefik HTTP/2 Denial-of-Service Vulnerability

Traefik HTTP/2 Denial-of-Service Vulnerability

Summary

This article provides a detailed technical explanation of the CVE-2023-54365 vulnerability in Traefik, which affects versions 2.10.5 and 3.0.0-beta4. The vulnerability allows remote attackers to rapidly create and cancel HTTP/2 streams, exhausting server resources and causing service unavailability.

What the vulnerability/exploit is about

Traefik before version 2.10.5 and 3.0.0-beta4 contains a denial-of-service vulnerability in its HTTP/2 request handling mechanism. This vulnerability arises from the Go standard library's implementation of HTTP/2, which can be exploited by attackers to rapidly create and cancel HTTP/2 streams.

Technical explanation for defenders

The vulnerability stems from how Traefik handles HTTP/2 requests. When a large number of HTTP/2 streams are created and then canceled rapidly, it exhausts server resources, leading to service unavailability. The Go standard library does not properly handle the cancellation of HTTP/2 streams, allowing attackers to create a large number of streams and then cancel them, causing the server to become unresponsive.

Site içinde arama yapın
Kategoriler
Read More
Other
Código de Calculadora Científica en PHP con Guardado de Calculos
file: calculator.php<?php // Iniciar sesiones para almacenar datos session_start(); //...
By Mario Serrano 2026-06-30 03:06:26 0 269
Cybersecurity
Titolo (Italiano)
Titolo**Vulnerabilità CVE-2026-12866: Dettagli CVSS, EPSS e CISA Kev**SintesiLa vulnerabilità...
By Mario Serrano 2026-06-30 06:16:01 0 74
Cybersecurity
AN SEO TITLE
Título: Vulnerabilidade CVE-2026-12866 - Detalhes CVSS, EPSS e CISA Kev | CVE FindResumo:A...
By Mario Serrano 2026-06-30 05:34:09 0 557
Cybersecurity
Titel (i dansk)
Titel (i dansk)Sammendrag (i dansk)Hvad er vulnerability/exploitet omkring?Open VSX Registry ikke...
By Mario Serrano 2026-06-30 18:10:14 0 437
Other
Titel (in Dutch)
Titel (in Dutch)Samenvatting (in Dutch)Dezeelcode van de package `expr-eval` is geïnfectueerd...
By Mario Serrano 2026-06-30 06:10:37 0 54