Skip to content

Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop

Moderate severity GitHub Reviewed Published May 23, 2024 in traefik/traefik • Updated May 23, 2024

Package

gomod github.com/traefik/traefik (Go)

Affected versions

<= 1.7.34

Patched versions

None
gomod github.com/traefik/traefik/v2 (Go)
< 2.11.3
2.11.3
gomod github.com/traefik/traefik/v3 (Go)
< 3.0.1
3.0.1

Description

Impact

There is a vulnerability in GO managing malformed DNS message, which impacts Traefik.
This vulnerability could be exploited to cause a denial of service.

References

Patches

Workarounds

No workaround.

For more information

If you have any questions or comments about this advisory, please open an issue.

References

@nmengin nmengin published to traefik/traefik May 23, 2024
Published to the GitHub Advisory Database May 23, 2024
Reviewed May 23, 2024
Last updated May 23, 2024

Severity

Moderate
5.3
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-f7cq-5v43-8pwp

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.