Lucene search
Veracode Vulnerability DatabaseVERACODE:41252HistoryJul 13, 2023 - 7:39 a.m.
Denial Of Service (DoS)
2023-07-1307:39:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.0005 Low
EPSS
Percentile
16.0%
grpc is vulnerable to Denial Of Service (DoS). The vulnerability exists due to improper header validation which allows an attacker to send headers such as te: x (x != trailers), scheme: x (x != http, https), and grpclb_client_stats: x (x == anything), leading to the total header size being over 8kb, resulting in an application crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| grpcio | le | 1.52.0 | |
| grpc | le | 1.52.2 | |
| grpc.net.client | le | 2.51.0 | |
| grpc.net.client.web | le | 2.51.0 | |
| io.grpc:grpc-xds | le | 1.52.1 | |
| grpc | le | 1.52.0 | |
| libgrpc.so | le | 30.0.0 | |
| grpcio | le | 1.52.0 | |
| grpc | le | 1.52.2 | |
| grpc.net.client | le | 2.51.0 |
References
github.com/advisories/GHSA-6628-q6j9-w8vg
github.com/grpc/grpc-dotnet/commit/96ea3836b4f0534e844513c49c63a00c395a20fd
github.com/grpc/grpc-java/commit/d07ecbe037d2705a1c9f4b6345581f860e505b56
github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8
github.com/grpc/grpc/commit/7a1412fa12e3ad4735890815b4dd4936c595a345
Related
prion
prion
Code injection
2023-06-09 11:15:00
osv
osv
gRPC Reachable Assertion issue
2023-07-06 21:15:08
CVE-2023-1428
2023-06-09 11:15:09
cvelist
cvelist
CVE-2023-1428 Denial-of-Service in gRPC
2023-06-09 10:46:54
ubuntucve
ubuntucve
CVE-2023-1428
2023-06-09 00:00:00
wolfi
wolfi
CVE-2023-1428 vulnerabilities
2024-05-18 09:07:35
redhatcve
redhatcve
CVE-2023-1428
2023-06-13 06:35:32
github
github
gRPC Reachable Assertion issue
2023-07-06 21:15:08
debiancve
debiancve
CVE-2023-1428
2023-06-09 11:15:09
cve
cve
CVE-2023-1428
2023-06-09 11:15:09
cgr
cgr
CVE-2023-1428 vulnerabilities
2024-05-18 09:07:38
