CVE-2023-33953

Published: 09 Aug 2023
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

gRPC contains a vulnerability in which hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks:

  • Unbounded memory buffering in the HPACK parser
  • Unbounded CPU consumption in the HPACK parser

The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.

The unbounded memory buffering bugs:

  • The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
  • HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
  • gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering:
      HEADERS: containing a: 1
      CONTINUATION: containing a: 2
      CONTINUATION: containing a: 3
      etc…

A flaw was found in the gRPC lib. This vulnerability allows hpack table accounting errors that could lead to unwanted disconnects between clients and servers in exceptional cases. This issue leads to unbounded memory buffering in the HPACK parser and unbounded CPU consumption in the HPACK parser.
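The bounded form of the length checks described above, as an added example in C that is not gRPC's code: the varint decoder stops after a fixed number of continuation bytes, and the declared string length is charged against one cumulative budget before anything is buffered. The names `hp_decode_int`, `hp_string_header`, `MAX_VARINT_CONT` and `MAX_HEADER_BYTES` are hypothetical, and the limit values are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_VARINT_CONT 5        /* assumption: 5 continuation bytes cover 32 bits */
#define MAX_HEADER_BYTES 16384u  /* assumption: the 16kb limit named in the text */

enum hp_status { HP_OK, HP_NEED_MORE, HP_REJECT };

/* HPACK integer (RFC 7541 section 5.1) with an N-bit prefix. Gives up after
 * MAX_VARINT_CONT continuation bytes, so zero padding cannot extend the parse. */
static enum hp_status hp_decode_int(const uint8_t *buf, size_t len, unsigned prefix_bits,
                                    uint32_t *value, size_t *used) {
    if (len == 0) return HP_NEED_MORE;
    uint32_t mask = (1u << prefix_bits) - 1u;
    uint64_t v = buf[0] & mask;
    size_t i = 1;
    if (v == mask) {  /* prefix is all ones: the value continues in 7-bit groups */
        for (unsigned shift = 0;; shift += 7) {
            if (i - 1 >= MAX_VARINT_CONT) return HP_REJECT;  /* padded or oversized */
            if (i >= len) return HP_NEED_MORE;
            uint8_t b = buf[i++];
            v += (uint64_t)(b & 0x7f) << shift;
            if (v > UINT32_MAX) return HP_REJECT;
            if (!(b & 0x80)) break;
        }
    }
    *value = (uint32_t)v;
    *used = i;
    return HP_OK;
}

/* String literal: H bit + 7-bit-prefix length. The declared (wire) length is
 * charged against *budget before any payload byte is buffered. The caller keeps
 * one budget for HEADERS plus all its CONTINUATION frames, not one per frame. */
static enum hp_status hp_string_header(const uint8_t *buf, size_t len, size_t *budget,
                                       uint32_t *str_len, size_t *used) {
    enum hp_status st = hp_decode_int(buf, len, 7, str_len, used);
    if (st != HP_OK) return st;
    if (*str_len > *budget) return HP_REJECT;
    *budget -= *str_len;
    return HP_OK;
}

int main(void) {
    /* Constructed input: length prefix 0x7f followed by six 0x80 padding bytes. */
    const uint8_t padded[] = {0x7f, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x00};
    size_t budget = MAX_HEADER_BYTES, used = 0;
    uint32_t n = 0;
    printf("status=%d\n", (int)hp_string_header(padded, sizeof padded, &budget, &n, &used));
}
```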

Report

This vulnerability is specific to C++ implementations of gRPC prior to the 1.57 release. The gRPC library was packaged with OpenShift via the Kuryr component. However, Kuryr was never configured to run code using the gRPC library and has since been removed.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-controller-rhel8 | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-controller-rhel9 | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-git-cloner-rhel8 | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-git-cloner-rhel9 | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-image-bundler-rhel8 | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-image-bundler-rhel9 | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-image-processing-rhel8 | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-image-processing-rhel9 | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-operator-bundle | Not affected | | |
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-rhel8-operator | Not affected | | |


Additional information

Status: Important
Defect: CWE-789
Defect: CWE-834
https://bugzilla.redhat.com/show_bug.cgi?id=2230890 gRPC: hpack table accounting errors can lead to denial of service

EPSS: 0.00116 (percentile: 31%, Low)

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 2 years ago


CVSS3: 7.5
nvd
more than 2 years ago


CVSS3: 7.5
msrc
more than 1 year ago

No description

CVSS3: 7.5
debian
more than 2 years ago

gRPC contains a vulnerability that allows hpack table accounting error ...

CVSS3: 7.5
github
more than 2 years ago

Excessive Iteration in gRPC
