CVE-2023-29013

Name: CVE-2023-29013
Creator: NVD / NIST
Published: 2023-04-14T19:15:09.127+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 1.08%

Last modified Jun 17, 2026

CVE-2023-29013 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. EPSS estimates a 1.08% chance of exploitation in the next 30 days.

Description

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

1.08%

61.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions	Update
Traefik	Traefik	< 2.9.10	—
Traefik	Traefik	2.10.0	Rc1

References

https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49Patch
https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2Release Notes
https://github.com/traefik/traefik/releases/tag/v2.9.10Release Notes
https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92Vendor Advisory
https://security.netapp.com/advisory/ntap-20230517-0008/Third Party Advisory
https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49Patch
https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2Release Notes
https://github.com/traefik/traefik/releases/tag/v2.9.10Release Notes
https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92Vendor Advisory
https://security.netapp.com/advisory/ntap-20230517-0008/Third Party Advisory

Timeline

Published: Apr 14, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-29013?

How severe is CVE-2023-29013?

CVE-2023-29013 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.08% probability of exploitation in the next 30 days.

How do I fix CVE-2023-29013?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-29013?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST