CVE-2024-23452

Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description： The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario:If a message is received with both a Transfer-Enc...

CVE-2023-31039

Security vulnerability in Apache bRPC = 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2218...

CVE-2023-45757

Security vulnerability in Apache bRPC 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 disable rpcz feature

CVE-2025-54472

Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of corresponding sizes is allocated based on the intege...