Search CVE reports
1 – 10 of 12 results
CVE-2024-7246
Medium priority
It's possible for a gRPC client communicating with an HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other...
1 affected package
grpc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
grpc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-4785
Medium priority
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the...
1 affected package
grpc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
grpc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-33953
Medium priority
gRPC contains a vulnerability whereby hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DOS attacks: -...
1 affected package
grpc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
grpc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-32732
Medium priority
gRPC contains a vulnerability whereby a client can cause a termination of connection between an HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server,...
1 affected package
grpc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
grpc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-32731
Medium priority
When the gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender...
1 affected package
grpc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
grpc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-1428
Medium priority
There exists a vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http,...
1 affected package
grpc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
grpc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-9515
Medium priority
Some fixes available 13 of 60
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...
7 affected packages
golang-google-grpc, grpc, h2o, netty, nginx...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
h2o | Not affected | Not affected | Not affected | Vulnerable | Not in release |
netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
twisted | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2019-9514
Medium priority
Some fixes available 13 of 77
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...
16 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
h2o | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
nodejs | Not affected | Not affected | Not affected | Ignored | Ignored |
trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
twisted | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2017-9431
Medium priority
Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.
1 affected package
grpc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
grpc | — | — | — | Not affected | Not affected |
CVE-2017-8359
Medium priority
Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.
1 affected package
grpc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
grpc | Not affected | Not affected | Not affected | Not affected | Vulnerable |