Lucene search
Veracode Vulnerability DatabaseVERACODE:41259HistoryJul 13, 2023 - 10:09 a.m.
Connection Termination
2023-07-1310:09:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
grpc
http2
proxy
base64 encoding
application crash
0.001 Low
EPSS
Percentile
31.8%
grpc is vulnerable to Connection Termination. An attacker can terminate the connection between a HTTP2 proxy and the gRPC server by providing a -bin suffixed headers, which leads to a base64 encoding error, causing an application crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| grpcio | le | 1.52.0 | |
| grpc | le | 1.52.2 | |
| grpc.net.client | le | 2.51.0 | |
| io.grpc:grpc-xds | le | 1.52.1 | |
| grpc | le | 1.53.0 | |
| libgrpc.so | le | 31.0.0 | |
| grpcio | le | 1.52.0 | |
| grpc | le | 1.52.2 | |
| grpc.net.client | le | 2.51.0 | |
| io.grpc:grpc-xds | le | 1.52.1 |
References
github.com/advisories/GHSA-9hxf-ppjv-w6rq
github.com/grpc/grpc-dotnet/commit/2cdbf1c3089458ca507fd1b23983698ad5fd8329
github.com/grpc/grpc-java/commit/501ca8f7b4f9c5288ca6deaa9191d1b2ee930cc8
github.com/grpc/grpc/commit/6bb17232b2d0bed9efb6bd12d98a3af4582ea9d0
github.com/grpc/grpc/pull/32309
lists.fedoraproject.org/archives/list/[email protected]/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY/
lists.fedoraproject.org/archives/list/[email protected]/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL/
Related
nessus
nessus
Fedora 37 : grpc (2023-6cad6e5003)
2023-07-23 00:00:00
Fedora 39 : grpc (2023-8570e0055b)
2023-11-07 00:00:00
Fedora 38 : grpc (2023-15b3e80753)
2023-07-23 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: grpc-1.48.4-8.fc38
2023-07-23 01:29:39
[SECURITY] Fedora 37 Update: grpc-1.48.4-8.fc37
2023-07-23 01:24:39
cvelist
cvelist
CVE-2023-32732 Denial-of-Service in gRPC
2023-06-09 10:48:15
openvas
openvas
Fedora: Security Advisory for grpc (FEDORA-2023-6cad6e5003)
2023-07-26 00:00:00
Fedora: Security Advisory for grpc (FEDORA-2023-15b3e80753)
2023-07-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0573-1)
2024-02-22 00:00:00
wolfi
wolfi
CVE-2023-32732 vulnerabilities
2024-06-01 21:07:39
cgr
cgr
CVE-2023-32732 vulnerabilities
2024-05-19 03:07:16
ubuntucve
ubuntucve
CVE-2023-32732
2023-06-09 00:00:00
redhatcve
redhatcve
CVE-2023-32732
2023-06-13 06:35:42
osv
osv
CVE-2023-32732
2023-06-09 11:15:09
gRPC connection termination issue
2023-07-06 21:15:08
cve
cve
CVE-2023-32732
2023-06-09 11:15:09
github
github
gRPC connection termination issue
2023-07-06 21:15:08
prion
prion
Design/Logic Flaw
2023-06-09 11:15:00
debiancve
debiancve
CVE-2023-32732
2023-06-09 11:15:09
photon
photon
Moderate Photon OS Security Update - PHSA-2023-5.0-0068
2023-08-08 00:00:00
