Bug 1217807 (CVE-2023-47633) - VUL-0: CVE-2023-47633: traefik: 100% CPU usage when self-serving as backend
Summary: VUL-0: CVE-2023-47633: traefik: 100% CPU usage when self-serving as backend
Status: RESOLVED FIXED
Alias: CVE-2023-47633
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security (show other bugs)
Version: Current
Hardware: Other Other
: P3 - Medium : Normal (vote)
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/386934/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-12-05 08:10 UTC by SMASH SMASH
Modified: 2024-05-28 11:37 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2023-12-05 08:10:26 UTC 
Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47633
Comment 1 Alexandre Vicenzi 2024-05-22 13:29:10 UTC 
This has been fixed in https://build.opensuse.org/request/show/1132711.
Comment 2 Carlos López 2024-05-28 11:37:26 UTC 
Done, closing.