When using Traefik as an HTTP/2 proxy, it is possible to accidentally close an open connection. The HTTP/2 specification requires all connections to be closed after a given time, or when explicitly closed by the client. In an instance where the client is a reverse proxy like Traefik, the connection is still open and active on the proxy, so it is possible for the proxy to hang indefinitely due to a fatal error. This is due to an implicit close in the proxy code. There is currently no known workaround for this.
CVE-2023-39273
When using Traefik as an HTTP/2 proxy, it is possible for the client to intentionally close a connection. This causes the proxy to hang indefinitely due to an implicit close in the proxy code. There is currently no known workaround for this.
CVE-2022-39272
When using Traefik as an HTTP/2 proxy, it is possible to accidentally close an open connection. The HTTP/2 specification requires all connections to be closed after a given time, or when explicitly closed by the client. In an instance where the client is a reverse proxy like Traefik, the connection is still open and active on the proxy, so it is possible for the proxy to hang indefinitely due to a fatal error. This is due to an implicit close in the proxy code. There is currently no known workaround for this.
Vulnerability Title: Docker API Connection Aborts with an Internal Server Error
The vulnerability is called CVE-2022-39271, and it has been assigned a severity rating of high.
This vulnerability could lead to an HTTP/2 connection hanging indefinitely, leaving the proxy unable to handle any traffic.
CVE-2023-39272
When using Traefik as a reverse proxy, it is possible for the client to be tricked into using an existing connection instead of the new HTTP/2 one. This could cause an error in the server's implementation of HTTP/2, or might lead to a Denial Of Service (DoS) attack.
Timeline
Published on: 10/11/2022 14:15:00 UTC
Last modified on: 10/13/2022 16:39:00 UTC