CVE-2026-33190

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS transports DoT, DoH, DoH3, DoQ, and gRPC because it trusts the transport writer's TsigStatus instead of performing verification itself. The DoH and DoH3 writer's TsigStatus...

CVE-2026-33783

A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service DoS. If colored SRTE policy tunnels are provisioned via...

Linux Distros Unpatched Vulnerability : CVE-2017-7861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Google gRPC before 2017-02-22 has an out-of-bounds write related to the gprfree function in core/lib/support/alloc.c. CVE-2017-7861 Note that Nessus relies on t...

grpc: client communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend

A flaw was found in Google gRPC due to HPACK table poisoning between the proxy and backend so that other clients see failed requests, resulting in a denial of service. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent...

The vulnerability of Google GRPC’s remote procedure call system lies in insufficient input validation and improper implementation of functions, allowing attackers to trigger service failures.

The vulnerability of Google GRPC process callouts is related to insufficient validation of input data and improper implementation of functions. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

PT-2023-4873

Name of the Vulnerable Software and Affected Versions gRPC affected versions not specified Description The issue arises when the gRPC HTTP2 stack encounters a header size exceeded error, causing it to skip parsing the rest of the HPACK frame. This results in a desynchronization of HPACK tables...

DEBIAN-CVE-2017-9431

Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c...

Google gRPC Denial of Service Vulnerability

Google gRPC is the United States Google Google company developed a mobile and HTTP/2 design for open source, general-purpose RPC framework, with two-way flow, flow control, header compression, a single TCP connection on the multiple multiplexing requests and other features. A denial of service...

PYSEC-2017-101

Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpccalldestroy function in core/lib/surface/call.c...

Google gRPC heap buffer overflow vulnerability (CNVD-2017-06015)

gRPC is an open source RPC framework . A heap buffer overflow vulnerability exists in the parseunix function within Google gRPC core/ext/clientchannel/parseaddress.c, which allows remote attackers to exploit the vulnerability to submit a special request to execute arbitrary code...

UBUNTU-CVE-2017-7861

Google gRPC before 2017-02-22 has an out-of-bounds write related to the gprfree function in core/lib/support/alloc.c...

DEBIAN-CVE-2017-7860

Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parseunix function in core/ext/clientchannel/parseaddress.c...