Lucene search
GoogleCVELIST:CVE-2023-1428HistoryJun 09, 2023 - 10:46 a.m.
CVE-2023-1428 Denial-of-Service in gRPC
2023-06-0910:46:54
CWE-617
Google
raw.githubusercontent.com
1
vulnerability
grpc
dos
c++
http2
headers
size limit
upgrade
git commit
There exists an vulnerability causing an abort() to be called in gRPC.Β
The following headers cause gRPCβs C++ implementation to abort() when called via http2:
te: x (x != trailers)
:scheme: x (x != http, https)
grpclb_client_stats: x (x == anything)
On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commitΒ 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.
Related
cve
cve
CVE-2023-1428
2023-06-09 11:15:09
cgr
cgr
CVE-2023-1428 vulnerabilities
2024-05-19 03:07:16
github
github
gRPC Reachable Assertion issue
2023-07-06 21:15:08
osv
osv
CVE-2023-1428
2023-06-09 11:15:09
gRPC Reachable Assertion issue
2023-07-06 21:15:08
debiancve
debiancve
CVE-2023-1428
2023-06-09 11:15:09
wolfi
wolfi
CVE-2023-1428 vulnerabilities
2024-06-01 21:07:39
ubuntucve
ubuntucve
CVE-2023-1428
2023-06-09 00:00:00
prion
prion
Code injection
2023-06-09 11:15:00
veracode
veracode
Denial Of Service (DoS)
2023-07-13 07:39:05
redhatcve
redhatcve
CVE-2023-1428
2023-06-13 06:35:32
