{"id":"CVE-2023-29013","summary":"HTTP header parsing could cause a denial of service","details":"Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.","aliases":["GHSA-7hj9-rv74-5g92"],"modified":"2026-04-10T04:57:04.767496Z","published":"2023-04-14T18:15:12.622Z","related":["openSUSE-SU-2024:13007-1","openSUSE-SU-2024:14076-1"],"database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/29xxx/CVE-2023-29013.json","cwe_ids":["CWE-400"]},"references":[{"type":"WEB","url":"https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2"},{"type":"WEB","url":"https://github.com/traefik/traefik/releases/tag/v2.9.10"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/29xxx/CVE-2023-29013.json"},{"type":"ADVISORY","url":"https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29013"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230517-0008/"},{"type":"FIX","url":"https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/traefik/traefik","events":[{"introduced":"0"},{"fixed":"4ed3964b3586565519249bbdc55eb1b961c08c49"}]}],"versions":["v1.0","v1.0.0","v1.0.0-beta.211","v1.0.0-beta.212","v1.0.0-beta.220","v1.0.0-beta.224","v1.0.0-beta.247","v1.0.0-beta.254","v1.0.0-beta.277","v1.0.0-beta.280","v1.0.0-beta.287","v1.0.0-beta.289","v1.0.0-beta.291","v1.0.0-beta.300","v1.0.0-beta.324","v1.0.0-beta.339","v1.0.0-beta.341
","v1.0.0-beta.352","v1.0.0-beta.355","v1.0.0-beta.366","v1.0.0-beta.374","v1.0.0-beta.392","v1.0.0-beta.395","v1.0.0-beta.404","v1.0.0-beta.408","v1.0.0-beta.416","v1.0.0-beta.421","v1.0.0-beta.427","v1.0.0-beta.433","v1.0.0-beta.436","v1.0.0-beta.440","v1.0.0-beta.442","v1.0.0-beta.453","v1.0.0-beta.470","v1.0.0-beta.475","v1.0.0-beta.481","v1.0.0-beta.484","v1.0.0-beta.505","v1.0.0-beta.508","v1.0.0-beta.513","v1.0.0-beta.524","v1.0.0-beta.545","v1.0.0-beta.548","v1.0.0-beta.555","v1.0.0-beta.573","v1.0.0-beta.576","v1.0.0-beta.582","v1.0.0-beta.601","v1.0.0-beta.610","v1.0.0-beta.614","v1.0.0-beta.621","v1.0.0-beta.644","v1.0.0-beta.652","v1.0.0-beta.666","v1.0.0-beta.673","v1.0.0-beta.676","v1.0.0-beta.682","v1.0.0-beta.692","v1.0.0-beta.695","v1.0.0-beta.704","v1.0.0-beta.712","v1.0.0-beta.721","v1.0.0-beta.723","v1.0.0-beta.732","v1.0.0-beta.744","v1.0.0-beta.754","v1.0.0-beta.756","v1.0.0-beta.767","v1.0.0-beta.771","v1.0.0-beta.784","v1.0.0-beta.794","v1.0.0-beta.804","v1.0.0-beta.809","v1.0.0-rc1","v1.0.0-rc2","v1.0.0-rc3","v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185","v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458","v1.0.alpha.157","v1.0.alpha.164","v1.0.alpha.170","v1.0.alpha.171","v1.0.alpha.176","v1.0.alpha.178","v1.0.alpha.182","v1.0.alpha.186","v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e","v1.0.alpha.200","v1.0.alpha.212","v1.0.alpha.215","v1.0.alpha.216","v1.0.alpha.217","v1.0.alpha.228","v1.0.alpha.247","v1.0.alpha.249","v1.0.alpha.250","v1.0.alpha.251","v1.0.alpha.252","v1.0.alpha.256","v1.0.alpha.257","v1.0.alpha.263","v1.0.alpha.266","v1.0.alpha.267","v1.0.alpha.268","v1.0.alpha.269","v1.0.alpha.270","v1.0.alpha.271","v1.0.alpha.272","v1.0.alpha.273","v1.0.alpha.274","v1.0.alpha.275","v1.0.alpha.285","v1.0.alpha.288","v1.0.alpha.290","v1.0.alpha.291","v1.0.alpha.302","v1.0.alpha.306","v1.0.alpha.311","v1.0.alpha.329","v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d","v1.0.alpha.333","v1.0.alpha.336","v1.0.alpha.338","v1.
0.alpha.341","v1.0.alpha.357","v1.0.alpha.358","v1.0.alpha.361","v1.0.alpha.364","v1.0.alpha.367","v1.0.alpha.374","v1.0.alpha.392","v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb","v1.0.alpha.404","v1.0.alpha.412","v1.0.alpha.418","v1.0.alpha.421","v1.0.alpha.425","v1.0.alpha.439","v1.0.alpha.443","v1.0.alpha.450","v1.0.alpha.463","v1.0.alpha.469","v1.0.alpha.471","v1.0.alpha.477","v1.0.alpha.481","v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2","v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e","v1.0.alpha.506","v1.0.alpha.516","v1.0.alpha.522","v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b","v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a","v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30","v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff","v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708","v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05","v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b","v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f","v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb","v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e","v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b","v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d","v1.1.0-rc1","v1.3.0-rc1","v1.4.0-rc1","v1.5.0-rc1","v1.6.0-rc1","v1.7.0-rc1","v2.0.0-alpha1","v2.1.0-rc1","v2.1.0-rc2","v2.2.0-rc1","v2.2.0-rc2","v2.2.0-rc3","v2.2.0-rc4","v2.3.0-rc1","v2.4.0","v2.4.0-rc1","v2.4.0-rc2","v2.4.1","v2.4.2","v2.4.3","v2.4.4","v2.4.5","v2.4.6","v2.4.7","v2.4.8","v2.5.0-rc1","v2.6.0-rc1","v2.7.0","v2.7.0-rc1","v2.7.0-rc2","v2.8.0-rc1","v2.9.0-rc1","v2.9.0-rc2","v2.9.0-rc3","v2.9.0-rc4","v2.9.0-rc5","v2.9.1","v2.9.2","v2.9.3","v2.9.4","v2.9.5","v2.9.6","v2.9.7","v2.9.8","v2.9.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29013.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}