3 matches found
CVE-2023-45757
CVE-2023-45757 affects Apache bRPC 1.6.0 (e.g., 1.6.1), (2) apply the patch from PR #2411 if upgrading is difficult, or (3) disable the rpcz feature.
CVE-2025-59789
CVE-2025-59789: Apache bRPC’s json2pb component (which uses rapidjson) is vulnerable to stack exhaustion via deeply recursive JSON input, causing server crashes. Affected: bRPC
CVE-2025-54472
CVE-2025-54472 affects Apache bRPC’s Redis protocol parser. The root cause is unbounded memory allocation when parsing Redis protocol data, where arrays/strings are allocated based on network-provided integers; if a value is too large, a bad_alloc can crash the service. The issue also affects 1.1...