Traefik HTTP/2 Denial-of-Service Vulnerability

0
82

Traefik HTTP/2 Denial-of-Service Vulnerability

Traefik HTTP/2 Denial-of-Service Vulnerability

Summary

This article provides a detailed technical explanation of the CVE-2023-54365 vulnerability in Traefik, which affects versions 2.10.5 and 3.0.0-beta4. The vulnerability allows remote attackers to rapidly create and cancel HTTP/2 streams, exhausting server resources and causing service unavailability.

What the vulnerability/exploit is about

Traefik before version 2.10.5 and 3.0.0-beta4 contains a denial-of-service vulnerability in its HTTP/2 request handling mechanism. This vulnerability arises from the Go standard library's implementation of HTTP/2, which can be exploited by attackers to rapidly create and cancel HTTP/2 streams.

Technical explanation for defenders

The vulnerability stems from how Traefik handles HTTP/2 requests. When a large number of HTTP/2 streams are created and then canceled rapidly, it exhausts server resources, leading to service unavailability. The Go standard library does not properly handle the cancellation of HTTP/2 streams, allowing attackers to create a large number of streams and then cancel them, causing the server to become unresponsive.

Buscar
Categorías
Leer más
Ciberseguridad
Titel (in Dutch)
Titel (in Dutch)Samenvatting (in Dutch)Deze vulnereer is expr-eval, een JavaScript bibliotheek...
Por Mario Serrano 2026-06-30 06:11:50 0 56
Otro
Título: Vulnerabilidade CVE-2026-12866 - Detalhes CVSS, EPSS e CISA Kev | CVE Find (Portuguese (Brazil))
Título: Vulnerabilidade CVE-2026-12866 - Detalhes CVSS, EPSS e CISA Kev | CVE FindSumárioEste...
Por Mario Serrano 2026-06-30 06:49:49 0 38
Ciberseguridad
Titolo (in Italian) (Italiano)
Titolo (in Italian)Sintesi (in Italian)Il CVE-2026-12866 è un vulnerabilità di sicurezza che...
Por Mario Serrano 2026-06-30 06:24:17 0 25
Otro
TITLU: Vulnerabilitatea CVE-2026-12866 - Detalii CVSS, EPSS și CISA Kev | CVE Find (Romaian)
TITLU: Vulnerabilitatea CVE-2026-12866 - Detalii CVSS, EPSS și CISA Kev | CVE...
Por Mario Serrano 2026-06-30 06:32:10 0 10
Ciberseguridad
Ï╣┘å┘êϺ┘å ┘à┘éϺ┘ä┘ç (Ï»Ï▒ ┘üϺÏ▒Ï│█î)
Ï╣┘å┘êϺ┘å ┘à┘éϺ┘ä┘ç (Ï»Ï▒ ┘üϺÏ▒Ï│█î)Ï«┘äϺÏÁ┘ç (Ï»Ï▒ ┘üϺÏ▒Ï│█î)Ϭ┘êÏÂ█îϡϺϬ Ï»┘é█î┘é...
Por Mario Serrano 2026-06-30 17:57:12 0 304