EUVD-2023-2014

Malicious code in bioql PyPI...

Amazon Linux 2023 : grpc, grpc-cpp, grpc-data (ALAS2023-2023-282)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-282 advisory. 2023-10-12: CVE-2023-4785 was added to this advisory. When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table...

Fedora 38 : grpc (2023-15b3e80753)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-15b3e80753 advisory. Security fix for CVE-2023-32732 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVE-2023-32732

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...

gRPC 安全漏洞

gRPC is a modern, open-source, high-performance Remote Procedure Call RPC framework from gRPC Open Source. A security vulnerability exists in gRPC that stems from a base64 encoding error in the -bin suffix header that causes the gRPC server to disconnect...

CVE-2022-3029

In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for the...