Search CVE reports

1 – 10 of 12 results


CVE-2024-7246

Medium priority
Needs evaluation

It's possible for a gRPC client communicating with an HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other...

1 affected package

grpc

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grpc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-4785

Medium priority
Needs evaluation

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the...

1 affected package

grpc

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grpc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-33953

Medium priority
Needs evaluation

gRPC contains a vulnerability whereby hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DOS attacks: -...

1 affected package

grpc

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grpc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-32732

Medium priority
Needs evaluation

gRPC contains a vulnerability whereby a client can cause a termination of connection between an HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server,...

1 affected package

grpc

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grpc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-32731

Medium priority
Needs evaluation

When the gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender...

1 affected package

grpc

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grpc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-1428

Medium priority
Needs evaluation

There exists a vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http,...

1 affected package

grpc

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grpc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2019-9515

Medium priority

Some fixes available 13 of 60

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...

7 affected packages

golang-google-grpc, grpc, h2o, netty, nginx...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| h2o | Not affected | Not affected | Not affected | Vulnerable | Not in release |
| netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
| twisted | Fixed | Fixed | Fixed | Fixed | Not affected |

CVE-2019-9514

Medium priority

Some fixes available 13 of 77

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...

16 affected packages

golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| h2o | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
| netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Ignored | Ignored |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
| twisted | Fixed | Fixed | Fixed | Fixed | Not affected |

CVE-2017-9431

Medium priority
Ignored

Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.

1 affected package

grpc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grpc Not affected Not affected

CVE-2017-8359

Medium priority
Vulnerable

Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.

1 affected package

grpc

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| grpc | Not affected | Not affected | Not affected | Not affected | Vulnerable |