EUVD-2023-2030

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

gRPC HTTP2 header size error leads to HPACK table desynchronization, risking information leaks and escalation.

Reporter	Title	Published	Views	Family All 59
IBM Security Bulletins	Security Bulletin: Vulnerabilities in gRPC affect watsonx.data	25 Sep 202419:07	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator	28 Aug 202308:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server	14 Dec 202321:06	–	ibm
IBM Security Bulletins	Security Bulletin: gRPC HTTP/2 HPACK Desynchronization Vulnerability Allowing Header Leakage and Privilege Escalation, affects watsonx.data	4 Dec 202508:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Asset Data Dictionary Component uses grpc-protobuf-1.50.2.jar and jettison-1.5.2.jar which is vulnerable to CVE-2023-32731 and CVE-2023-1436	21 Oct 202414:34	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2023-32731 CVE-2023-32732)	21 Nov 202512:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in gRPC	27 Jul 202322:11	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM DB2 which is shipped with IBM Intelligent Operations Center.	18 Dec 202308:12	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in gRPC may affect IBM Robotic Process Automation and result in an attacker obtaining sensitive information. (CVE-2023-32731)	20 Sep 202314:08	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Db2 affect Cloud Pak System	28 Oct 202416:03	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "ff07ec77-dddc-3e8a-95a9-8caa97a8329f",
        "vendor": {
          "name": "Google"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "d39fe462-97c6-3e37-a6a2-90c81150b6d5",
        "product": {
          "name": "gRPC"
        },
        "product_version": "1.53 ≤1.54"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-32731
github	www.github.com/grpc/grpc/issues/33463
github	www.github.com/grpc/grpc/pull/32309
github	www.github.com/grpc/grpc/pull/33005
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-32731.yml

03 Oct 2025 20:07Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.17.4 - 7.5

EPSS0.00075

SSVC