Vulnerabilities > Grpc > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
2023-09-13 | CVE-2023-4785 | Unspecified vulnerability in Grpc Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. | 7.5 |
2023-08-09 | CVE-2023-33953 | Excessive Iteration vulnerability in Grpc gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. | 7.5 |
2023-06-09 | CVE-2023-1428 | Reachable Assertion vulnerability in Grpc There exists an vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. | 7.5 |
2023-06-09 | CVE-2023-32731 | Unspecified vulnerability in Grpc When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. | 7.5 |