Lucene search

K
cve[email protected]CVE-2023-4785
HistorySep 13, 2023 - 5:15 p.m.

CVE-2023-4785

2023-09-1317:15:10
CWE-248
web.nvd.nist.gov
2302
cve-2023-4785
google
grpc
error handling
tcp server
posix
linux
denial of service
nvd
vulnerability
c++
python
ruby
java
go

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.6%

Lack of error handling in the TCP server in Google’s gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.

Affected configurations

Vulners
NVD
Node
googlegoogle_appsRange1.56.01.56.1
OR
googlegoogle_appsRange1.55.01.55.2
OR
googlegoogle_appsRange1.54.0154.2
OR
googlegoogle_appsRange1.53.01.53.1
VendorProductVersionCPE
googlegoogle_apps*cpe:2.3:a:google:google_apps:*:*:*:*:*:*:*:*
googlegoogle_apps*cpe:2.3:a:google:google_apps:*:*:*:*:*:*:*:*
googlegoogle_apps*cpe:2.3:a:google:google_apps:*:*:*:*:*:*:*:*
googlegoogle_apps*cpe:2.3:a:google:google_apps:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Posix-compatible platforms"
    ],
    "product": "gRPC",
    "repo": "https://github.com/grpc/grpc",
    "vendor": "Google",
    "versions": [
      {
        "lessThan": "1.23",
        "status": "unaffected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "1.57"
      },
      {
        "changes": [
          {
            "at": "1.56.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.56.1",
        "status": "affected",
        "version": "1.56.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "1.55.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.55.2",
        "status": "affected",
        "version": "1.55.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "1.54.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "154.2",
        "status": "affected",
        "version": "1.54.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "1.53.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.53.1",
        "status": "affected",
        "version": "1.53.0",
        "versionType": "custom"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.6%