gRPC Security Vulnerabilities


CVE-2017-7860

Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.

9.8 CVSS

9.6 AI Score

0.006 EPSS

2017-04-14 04:59 AM

CVE-2017-7861

Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.

9.8 CVSS

9.4 AI Score

0.006 EPSS

2017-04-14 04:59 AM

CVE-2017-8359

Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.

9.8 CVSS

9.4 AI Score

0.007 EPSS

2017-04-30 05:59 PM

CVE-2017-9431

Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.

9.8 CVSS

9.6 AI Score

0.003 EPSS

2017-06-05 03:29 AM

CVE-2020-7768

The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.

9.8 CVSS

8.3 AI Score

0.005 EPSS

2020-11-11 11:15 AM

CVE-2023-1428

There exists a vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers); :scheme: x (x != http, https); grpclb_client_stats: x (x == anything). On top of sending one of those headers, a later h...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2023-06-09 11:15 AM

CVE-2023-32731

When the gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this c...

7.5 CVSS

7.4 AI Score

0.002 EPSS

2023-06-09 11:15 AM

CVE-2023-32732

gRPC contains a vulnerability whereby a client can cause a termination of connection between an HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond...

5.3 CVSS

5.4 AI Score

0.001 EPSS

2023-06-09 11:15 AM

CVE-2023-33953

gRPC contains a vulnerability in which hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DOS attacks: Unbounded memory buffering in the HPACK parser; Unbounded CPU consumption in the...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-08-09 01:15 PM

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5 CVSS

8 AI Score

0.816 EPSS

2023-10-10 02:15 PM
In Wild

CVE-2023-4785

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Jav...

7.5 CVSS

7.1 AI Score

0.001 EPSS

2023-09-13 05:15 PM

CVE-2024-37168

@grpc/grpc-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an inco...

5.3 CVSS

5.3 AI Score

0.0005 EPSS

2024-06-10 10:15 PM