Lucene search

GitHub Advisory DatabaseGHSA-9HXF-PPJV-W6RQ

HistoryJul 06, 2023 - 9:15 p.m.

gRPC connection termination issue

2023-07-0621:15:08

CWE-440

GitHub Advisory Database

github.com

0.001 Low

EPSS

Percentile

19.7%

JSON

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309.

CPENameOperatorVersion
grpclt1.53.0
grpciolt1.53.0
io.grpc:grpc-protobuflt1.53.0

Name	Operator	Version
grpc	lt	1.53.0
grpcio	lt	1.53.0
io.grpc:grpc-protobuf	lt	1.53.0

References

github.com/advisories/GHSA-9hxf-ppjv-w6rq

github.com/grpc/grpc/pull/32309

github.com/grpc/grpc/releases/tag/v1.53.1

github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-32732.yml

lists.fedoraproject.org/archives/list/[email protected]/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY/

lists.fedoraproject.org/archives/list/[email protected]/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL/

nvd.nist.gov/vuln/detail/CVE-2023-32732

0.001 Low

EPSS

Percentile

19.7%

JSON

Related for GHSA-9HXF-PPJV-W6RQ