Количество 8
Количество 8
GHSA-cfgp-2977-2fmm
Connection confusion in gRPC
CVE-2023-32731
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005
CVE-2023-32731
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005
CVE-2023-32731
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005
CVE-2023-32731
CVE-2023-32731
When gRPC HTTP2 stack raised a header size exceeded error, it skipped ...
BDU:2023-05360
Уязвимость системы удалённого вызова процедур Google gRPC, связанная с недостаточной проверкой вводимых данных и некорректной реализацией функций, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2024:0573-1
Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-cfgp-2977-2fmm Connection confusion in gRPC | CVSS3: 7.4 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-32731 When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005 | CVSS3: 7.4 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-32731 When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005 | CVSS3: 7.4 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-32731 When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005 | CVSS3: 7.4 | 0% Низкий | больше 2 лет назад |
 | CVSS3: 7.5 | 0% Низкий | больше 1 года назад | |
| CVE-2023-32731 When gRPC HTTP2 stack raised a header size exceeded error, it skipped ... | CVSS3: 7.4 | 0% Низкий | больше 2 лет назад |
 | BDU:2023-05360 Уязвимость системы удалённого вызова процедур Google gRPC, связанная с недостаточной проверкой вводимых данных и некорректной реализацией функций, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 5.3 | 0% Низкий | больше 2 лет назад |
 | SUSE-SU-2024:0573-1 Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 | почти 2 года назад |
Уязвимостей на страницу