Lucene search
GoogleOSV:GHSA-6628-Q6J9-W8VGHistoryJul 06, 2023 - 9:15 p.m.
gRPC Reachable Assertion issue
2023-07-0621:15:08
Google
osv.dev
8
vulnerability
grpc
c++
headers
http2
git
recommendation
software
0.0005 Low
EPSS
Percentile
16.0%
There exists an vulnerability causing an abort() to be called in gRPC.
The following headers cause gRPC’s C++ implementation to abort() when called via http2:
te: x (x != trailers)
:scheme: x (x != http, https)
grpclb_client_stats: x (x == anything)
On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.
Related
ubuntucve
ubuntucve
CVE-2023-1428
2023-06-09 00:00:00
cvelist
cvelist
CVE-2023-1428 Denial-of-Service in gRPC
2023-06-09 10:46:54
wolfi
wolfi
CVE-2023-1428 vulnerabilities
2024-05-24 03:07:52
debiancve
debiancve
CVE-2023-1428
2023-06-09 11:15:09
osv
osv
CVE-2023-1428
2023-06-09 11:15:09
cgr
cgr
CVE-2023-1428 vulnerabilities
2024-05-19 03:07:16
github
github
gRPC Reachable Assertion issue
2023-07-06 21:15:08
cve
cve
CVE-2023-1428
2023-06-09 11:15:09
prion
prion
Code injection
2023-06-09 11:15:00
redhatcve
redhatcve
CVE-2023-1428
2023-06-13 06:35:32
veracode
veracode
Denial Of Service (DoS)
2023-07-13 07:39:05
