CVE-2022-39271
11.10.2022, 14:15
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds.Enginsight
| Vendor | Product | Version |
|---|---|---|
| traefik | traefik | 𝑥 < 2.8.8 |
| traefik | traefik | 2.9.0:rc1 |
| traefik | traefik | 2.9.0:rc2 |
| traefik | traefik | 2.9.0:rc3 |
| traefik | traefik | 2.9.0:rc4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-400 - Uncontrolled Resource ConsumptionThe software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
- CWE-755 - Improper Handling of Exceptional ConditionsThe software does not handle or incorrectly handles an exceptional condition.
References