Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-32731

Опубликовано: 09 июн. 2023
Источник: nvd
CVSS3: 7.4
CVSS3: 7.5
EPSS Низкий

Описание

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in  https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*
Версия от 1.53.0 (включая) до 1.55.0 (исключая)

EPSS

Процентиль: 21%
0.0007
Низкий

7.4 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-440
NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2023-32731

CVSS3: 7.4
ubuntu
больше 2 лет назад

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005

redhat логотип

CVE-2023-32731

CVSS3: 7.4
redhat
больше 2 лет назад

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in  https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005

msrc логотип

CVE-2023-32731

CVSS3: 7.5
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2023-32731

CVSS3: 7.4
debian
больше 2 лет назад

When gRPC HTTP2 stack raised a header size exceeded error, it skipped ...

github логотип

GHSA-cfgp-2977-2fmm

CVSS3: 7.4
github
больше 2 лет назад

Connection confusion in gRPC

EPSS

Процентиль: 21%
0.0007
Низкий

7.4 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-440
NVD-CWE-Other