Vulnerabilities > CVE-2023-4785 - Unspecified vulnerability in Grpc
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.
Vulnerable Configurations
References
- https://github.com/grpc/grpc/pull/33656
- https://github.com/grpc/grpc/pull/33656
- https://github.com/grpc/grpc/pull/33667
- https://github.com/grpc/grpc/pull/33667
- https://github.com/grpc/grpc/pull/33669
- https://github.com/grpc/grpc/pull/33669
- https://github.com/grpc/grpc/pull/33670
- https://github.com/grpc/grpc/pull/33670
- https://github.com/grpc/grpc/pull/33672
- https://github.com/grpc/grpc/pull/33672