Homepage
About Snyk

Allocation of Resources Without Limits or Throttling Affecting github.com/traefik/traefik/v3/pkg/server package, versions >=3.0.0-rc1 <3.0.0-rc5

0.0
high
0
10

Snyk CVSS

    Attack Complexity Low
    Availability High

    Threat Intelligence

    EPSS 0.04% (13th percentile)
Expand this section
Red Hat
7.5 high
Expand this section
SUSE
7.5 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-GOLANG-GITHUBCOMTRAEFIKTRAEFIKV3PKGSERVER-6615853
  • published 16 Apr 2024
  • disclosed 10 Jan 2024
  • credit Bartek Nowotarski
Report a new vulnerability Found a mistake?

Introduced: 10 Jan 2024

CVE-2023-45288 Open this link in a new tab
CWE-770 Open this link in a new tab

How to fix?

Upgrade github.com/traefik/traefik/v3/pkg/server to version 3.0.0-rc5 or higher.

Overview

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.