Traefik HTTP/2 Denial-of-Service Vulnerability

0
74

Traefik HTTP/2 Denial-of-Service Vulnerability

Traefik HTTP/2 Denial-of-Service Vulnerability

Summary

This article provides a detailed technical explanation of the CVE-2023-54365 vulnerability in Traefik, which affects versions 2.10.5 and 3.0.0-beta4. The vulnerability allows remote attackers to rapidly create and cancel HTTP/2 streams, exhausting server resources and causing service unavailability.

What the vulnerability/exploit is about

Traefik before version 2.10.5 and 3.0.0-beta4 contains a denial-of-service vulnerability in its HTTP/2 request handling mechanism. This vulnerability arises from the Go standard library's implementation of HTTP/2, which can be exploited by attackers to rapidly create and cancel HTTP/2 streams.

Technical explanation for defenders

The vulnerability stems from how Traefik handles HTTP/2 requests. When a large number of HTTP/2 streams are created and then canceled rapidly, it exhausts server resources, leading to service unavailability. The Go standard library does not properly handle the cancellation of HTTP/2 streams, allowing attackers to create a large number of streams and then cancel them, causing the server to become unresponsive.

Buscar
Categorías
Leer más
Ciberseguridad
Vulnerabilitas CVE-2026-12866: Deteksi CVSS, EPSS, dan Kev | CVE Find
Vulnerabilitas CVE-2026-12866Vulnerabilitas CVE-2026-12866: Deteksi CVSS, EPSS, dan Kev | CVE...
Por Mario Serrano 2026-06-30 10:12:20 0 9
Ciberseguridad
Open VSX Registry Stored XSS via Malicious SVG Icons ÔÇö CVE-2026-4983 (dansk)
Open VSX Registry Stored XSS via Malicious SVG Icons Sammendrag CVE-2026-4983 er en stored...
Por Mario Serrano 2026-06-30 18:16:11 0 505
Ciberseguridad
Titel (i dansk)
Titel (i dansk)Sammendrag (i dansk)Hvad er vulnerability/exploitet omkring?Open VSX Registry ikke...
Por Mario Serrano 2026-06-30 18:10:14 0 371
Ciberseguridad
Titel (in Dutch)
Titel (in Dutch)Samenvatting (in Dutch)Deze vulnereer is expr-eval, een JavaScript bibliotheek...
Por Mario Serrano 2026-06-30 06:11:50 0 56
Ciberseguridad
ðùð░ð│ð¥ð╗ð¥ð▓ð¥ð║ ÐüÐéð░ÐéÐîð© (ð▓ ÐÇÐâÐüÐüð║ð¥ð╝)
ðùð░ð│ð¥ð╗ð¥ð▓ð¥ð║ ÐüÐéð░ÐéÐîð© (ð▓ ÐÇÐâÐüÐüð║ð¥ð╝)ðíð▓ð¥ð┤ð║ð░ (ð▓ ÐÇÐâÐüÐüð║ð¥ð╝)ðºÐéð¥...
Por Mario Serrano 2026-06-30 12:56:40 0 9