6 matches found
CVE-2024-25629 affecting package grpc for versions less than 1.42.0-9
CVE-2024-25629 affecting package grpc for versions less than 1.42.0-9. A patched version of the package is available...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grpc (SUSE-SU-2024:4436-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4436-1 advisory. - CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with an HTTP/2 proxy...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grpc (SUSE-SU-2024:4401-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4401-1 advisory. - CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with an HTTP/2 proxy...
CVE-2024-7246 vulnerabilities
Vulnerabilities for packages: grpc...
PT-2024-38206 · Grpc +2 · Grpc +2
Name of the Vulnerable Software and Affected Versions: gRPC versions prior to 1.58.3; gRPC versions prior to 1.59.5; gRPC versions prior to 1.60.2; gRPC versions prior to 1.61.3; gRPC versions prior to 1.62.3; gRPC versions prior to 1.63.2; gRPC versions prior to 1.64.3; gRPC versions prior to 1.65.4...
Important: grpc
Issue Overview: When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and...