CVE-2023-4785

Published: 14 Sep 2023
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.

A flaw was found in gRPC. Lack of error handling in the TCP server in Google's gRPC, starting in version 1.23 on POSIX-compatible platforms (for example, Linux), allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.

Affected packages

| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 4 | grpc | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-kuryr-cni-rhel8 | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-kuryr-controller-rhel8 | Not affected | | |
| Red Hat Satellite 6.14 for RHEL 8 | rubygem-grpc | Fixed | RHSA-2024:0797 | 13.02.2024 |

Additional information

Status: Moderate
Defect: CWE-248
https://bugzilla.redhat.com/show_bug.cgi?id=2239017 gRPC: file descriptor exhaustion leads to denial of service

EPSS: 0.00018 (Low), percentile: 4%

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 2 years ago

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.

CVSS3: 7.5
nvd
more than 2 years ago

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.

CVSS3: 7.5
msrc
more than 1 year ago

No description available

CVSS3: 7.5
debian
more than 2 years ago

Lack of error handling in the TCP server in Google's gRPC starting ver ...

CVSS3: 7.5
github
more than 2 years ago

Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
