Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-47609

Опубликовано: 01 окт. 2024
Источник: debian
EPSS Низкий

Описание

Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to error out with errors that were not covered correctly causing the accept loop to exit. Upgrading to tonic 0.12.3 and above contains the fix.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
rust-tonicnot-affectedpackage

Примечания

  • https://github.com/hyperium/tonic/security/advisories/GHSA-4jwc-w2hc-78qv

  • https://github.com/hyperium/tonic/issues/1897

  • https://rustsec.org/advisories/RUSTSEC-2024-0376.html

  • Introduced in https://github.com/hyperium/tonic/commit/c3be20c86e1a6dfa3523b2d77e8c503d0f5b2ce3 (v0.12.2)

  • Fixed in https://github.com/hyperium/tonic/commit/a4472a86f3290e60c7c01348b7e6a8164d6e7e48 (v0.12.3)

EPSS

Процентиль: 47%
0.00241
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-47609

ubuntu
больше 1 года назад

Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to error out with errors that were not covered correctly causing the accept loop to exit. Upgrading to tonic 0.12.3 and above contains the fix.

redhat логотип

CVE-2024-47609

CVSS3: 3.7
redhat
больше 1 года назад

Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to error out with errors that were not covered correctly causing the accept loop to exit. Upgrading to tonic 0.12.3 and above contains the fix.

nvd логотип

CVE-2024-47609

nvd
больше 1 года назад

Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to error out with errors that were not covered correctly causing the accept loop to exit. Upgrading to tonic 0.12.3 and above contains the fix.

github логотип

GHSA-4jwc-w2hc-78qv

CVSS3: 5.3
github
больше 1 года назад

Tonic has remotely exploitable denial of service vulnerability

EPSS

Процентиль: 47%
0.00241
Низкий