Vulnerabilities > Grpc
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
| 2023-09-13 | CVE-2023-4785 | Unspecified vulnerability in Grpc Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. | 7.5 |
| 2023-08-09 | CVE-2023-33953 | Excessive Iteration vulnerability in Grpc gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. | 7.5 |
| 2023-06-09 | CVE-2023-1428 | Reachable Assertion vulnerability in Grpc There exists an vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. | 7.5 |
| 2023-06-09 | CVE-2023-32731 | Unspecified vulnerability in Grpc When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. | 7.5 |
| 2023-06-09 | CVE-2023-32732 | gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. | 5.3 |
| 2020-11-11 | CVE-2020-7768 | Unspecified vulnerability in Grpc The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. | 9.8 |
| 2017-06-05 | CVE-2017-9431 | Out-of-bounds Write vulnerability in Grpc Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c. | 7.5 |
| 2017-04-30 | CVE-2017-8359 | Out-of-bounds Write vulnerability in Grpc Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c. | 7.5 |
| 2017-04-14 | CVE-2017-7861 | Out-of-bounds Write vulnerability in Grpc Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c. | 7.5 |