AZL-47442 CVE-2024-7246 affecting package grpc for versions less than 1.62.3-1

🗓️ 06 Aug 2024 11:16:07Reported by GoogleType

HPACK poisoning in grpc before 1.62.3-1 via HTTP/2 proxy leaks header keys and causes failures; fixed in 1.62.3 and later.

Reporter	Title	Published	Views	Family All 75
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in gRPC	6 Mar 202520:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities	5 Jun 202512:19	–	ibm
Tenable Nessus	Amazon Linux 2023 : grpc, grpc-cpp, grpc-data (ALAS2023-2024-769)	11 Dec 202400:00	–	nessus
Tenable Nessus	Photon OS 5.0: Grpc PHSA-2024-5.0-0351	22 Aug 202400:00	–	nessus
Tenable Nessus	RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:6428)	9 Sep 202400:00	–	nessus
Tenable Nessus	RHEL 8 / 9 : Satellite 6.16.0 (Critical) (RHSA-2024:8906)	6 Nov 202400:00	–	nessus
Tenable Nessus	RHEL 8 : RHUI 4.11 (RHSA-2025:1335)	18 Feb 202500:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : python-grpcio (SUSE-SU-2024:4393-1)	21 Dec 202400:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grpc (SUSE-SU-2024:4401-1)	21 Dec 202400:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : python-grpcio (SUSE-SU-2024:4428-1)	28 Dec 202400:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-7246

21 Apr 2026 04:32Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.15.3

CVSS 46.3

EPSS0.00038

SSVC