
1391 matches found

UbuntuCve
added 2023/06/09 11:15 a.m. | 25 views

CVE-2023-1428

There exists a vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x (x != trailers); :scheme: x (x != http, https); grpclbclientstats: x (x == anything). On top of sending one of those headers, a later header must...

CVSS 7.5 | AI score 6.8 | EPSS 0.00078
Exploits 0 | References 2

UbuntuCve
added 2023/06/09 11:15 a.m. | 35 views

CVE-2023-32732

gRPC contains a vulnerability whereby a client can cause a termination of connection between an HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...

CVSS 5.3 | AI score 6.7 | EPSS 0.00024
Exploits 0 | References 3

Prion
added 2023/06/09 11:15 a.m. | 22 views

Design/Logic Flaw

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...

CVSS 5 | AI score 7.5 | EPSS 0.00075
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2023/06/09 10:54 a.m. | 15 views

CVE-2023-32731 Information leak in gRPC

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...

CVSS 7.4 | AI score 7.6 | EPSS 0.00075
Exploits 0 | References 2

CVE
added 2023/06/09 10:54 a.m. | 2896 views

CVE-2023-32731

CVE-2023-32731 involves a vulnerability in the gRPC HTTP/2 HPACK handling. When the HPACK header size exceeded error is raised, the stack skips parsing the remainder of the HPACK frame, causing HPACK table mutations to be ignored and desynchronizing the HPACK tables between sender and receiver. T...

CVSS 7.5 | AI score 7.5 | EPSS 0.00075
Exploits 0 | References 2 | Affected Software 1

Debian CVE
added 2023/06/09 10:54 a.m. | 24 views

CVE-2023-32731

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...

CVSS 7.5 | AI score 7 | EPSS 0.00075
Exploits 0

Cvelist
added 2023/06/09 10:54 a.m. | 18 views

CVE-2023-32731 Information leak in gRPC

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...

CVSS 7.4 | AI score 7.8 | EPSS 0.00075
Exploits 0 | References 2

CVE
added 2023/06/09 10:48 a.m. | 2923 views

CVE-2023-32732

CVE-2023-32732: gRPC vulnerability where a base64 encoding error for -bin suffixed headers can cause the gRPC server to terminate a connection with an HTTP/2 proxy, potentially affecting availability (LOW). Root cause described as a header encoding mishap that proxies may still allow, with remedi...

CVSS 5.3 | AI score 5.5 | EPSS 0.00024
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2023/06/09 10:48 a.m. | 22 views

CVE-2023-32732 Denial-of-Service in gRPC

gRPC contains a vulnerability whereby a client can cause a termination of connection between an HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...

CVSS 5.3 | AI score 5.8 | EPSS 0.00024
Exploits 0 | References 3

Debian CVE
added 2023/06/09 10:48 a.m. | 21 views

CVE-2023-32732

gRPC contains a vulnerability whereby a client can cause a termination of connection between an HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...

CVSS 5.3 | AI score 5.7 | EPSS 0.00024
Exploits 0

Cvelist
added 2023/06/09 10:46 a.m. | 23 views

CVE-2023-1428 Denial-of-Service in gRPC

There exists a vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x (x != trailers); :scheme: x (x != http, https); grpclbclientstats: x (x == anything). On top of sending one of those headers, a later header must...

CVSS 7.5 | AI score 7.5 | EPSS 0.00078
Exploits 0 | References 1

Debian CVE
added 2023/06/09 10:46 a.m. | 22 views

CVE-2023-1428

There exists a vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x (x != trailers); :scheme: x (x != http, https); grpclbclientstats: x (x == anything). On top of sending one of those headers, a later header must...

CVSS 7.5 | AI score 6.6 | EPSS 0.00078
Exploits 0

Vulnrichment
added 2023/06/09 10:46 a.m. | 11 views

CVE-2023-1428 Denial-of-Service in gRPC

There exists a vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x (x != trailers); :scheme: x (x != http, https); grpclbclientstats: x (x == anything). On top of sending one of those headers, a later header must...

CVSS 7.5 | AI score 7.4 | EPSS 0.00078
Exploits 0 | References 1

GitLab Advisory Database
added 2023/06/09 12:0 a.m. | 11 views

Denial of service via HTTP/2 HEADERS frames padding

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.2. It is fixed in 1.20.0 and later releases. This vulnerability is caused by a logica...

CVSS 7.8 | AI score 6.7 | EPSS 0.01019
Exploits 0 | References 5 | Affected Software 1

RedHat Linux
added 2023/06/05 6:54 p.m. | 3 views

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

CVSS 7.5 | AI score 6.6 | EPSS 0.00226
Exploits 0 | References 11

RedHat Linux
added 2023/06/05 6:54 p.m. | 37 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 9.8 | AI score 6.7 | EPSS 0.00338
Exploits 0 | References 3

Github Security Blog
added 2023/05/22 8:29 p.m. | 22 views

Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec

Impact: Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service. Patches: The problem has been fixed in 1.2.0. Workarounds: No workaround is available. Users must upgrade...

CVSS 7.5 | AI score 6.7 | EPSS 0.00846
Exploits 0 | References 5 | Affected Software 1

OSV
added 2023/05/18 5:32 p.m. | 13 views

GHSA-PGFX-G6RC-8CJV swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames

A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. This vulnerability is caused by a logical error...

CVSS 7.5 | AI score 7.3 | EPSS 0.00432
Exploits 0 | References 5

Github Security Blog
added 2023/05/18 5:32 p.m. | 18 views

swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames

A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. This vulnerability is caused by a logical error...

CVSS 7.5 | AI score 6.7 | EPSS 0.00432
Exploits 0 | References 5 | Affected Software 1

Github Security Blog
added 2023/05/18 5:30 p.m. | 17 views

swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. This vulnerability is caused by a logica...

CVSS 7.5 | AI score 6.7 | EPSS 0.02591
Exploits 0 | References 5 | Affected Software 1