Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:48398
HistoryAug 07, 2024 - 5:41 a.m.

Information Disclosure

2024-08-0705:41:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
libgrpc.so
information disclosure
vulnerability
misencoded header
hpack table
proxy
backend
http header keys

CVSS4

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:L/SA:L

AI Score

6.5

Confidence

Low

EPSS

0

Percentile

9.5%

JSON

libgrpc.so is vulnerable to Information Disclosure. The vulnerability is due to an error status for a misencoded header not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table. This can be exploited to poison the HPACK table between the proxy and the backend such that other clients see failed requests and also to leak other clients HTTP header keys, but not values.

Related

nvd 1
alpinelinux 1
debiancve 1
vulnrichment 1
cvelist 1
cve 1
osv 1
nessus 2
ubuntucve 1
redhatcve 1
wolfi 1
photon 1
redhat 1
nvd
nvd
CVE-2024-7246
2024-08-06 11:16:07
alpinelinux
alpinelinux
CVE-2024-7246
2024-08-06 11:16:07
debiancve
debiancve
CVE-2024-7246
2024-08-06 11:16:07
vulnrichment
vulnrichment
CVE-2024-7246 HPACK table poisoning in gRPC C++, Python & Ruby
2024-08-06 10:14:28
cvelist
cvelist
CVE-2024-7246 HPACK table poisoning in gRPC C++, Python & Ruby
2024-08-06 10:14:28
cve
cve
CVE-2024-7246
2024-08-06 11:16:07
osv
osv
CVE-2024-7246
2024-08-06 11:16:07
nessus
nessus
Photon OS 5.0: Grpc PHSA-2024-5.0-0351
2024-08-22 00:00:00
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:6428)
2024-09-09 00:00:00
ubuntucve
ubuntucve
CVE-2024-7246
2024-08-06 00:00:00
redhatcve
redhatcve
CVE-2024-7246
2024-08-06 13:21:25
wolfi
wolfi
CVE-2024-7246 vulnerabilities
2024-09-19 21:18:36
photon
photon
Important Photon OS Security Update - PHSA-2024-5.0-0351
2024-08-21 00:00:00
redhat
redhat
(RHSA-2024:6428) Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
2024-09-05 14:03:16

CVSS4

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:L/SA:L

AI Score

6.5

Confidence

Low

EPSS

0

Percentile

9.5%

JSON
Related for VERACODE:48398
nvd1alpinelinux1debiancve1vulnrichment1cvelist1cve1osv1nessus2ubuntucve1redhatcve1wolfi1photon1redhat1