grpc grpc vulnerabilities and exploits
7.5
CVSSv3
CVE-2023-4785
Lack of error handling in the TCP server in Google's gRPC starting with version 1.23 on POSIX-compatible platforms (e.g. Linux) allows a malicious user to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and R...
Grpc Grpc
Grpc Grpc 1.56.0
9.8
CVSSv3
CVE-2017-7861
Google gRPC prior to 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.
Grpc Grpc
9.8
CVSSv3
CVE-2017-7860
Google gRPC prior to 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.
Grpc Grpc
9.8
CVSSv3
CVE-2017-8359
Google gRPC prior to 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.
Grpc Grpc
7.5
CVSSv3
CVE-2023-33953
gRPC contains a vulnerability in which HPACK table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded...
Grpc Grpc
9.8
CVSSv3
CVE-2017-9431
Google gRPC prior to 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.
Grpc Grpc
7.5
CVSSv3
CVE-2023-32731
When the gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy an...
Grpc Grpc
9.8
CVSSv3
CVE-2020-7768
The package grpc prior to 1.24.4 and the package @grpc/grpc-js prior to 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.
Grpc Grpc
7.5
CVSSv3
CVE-2023-1428
There exists a vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2:
- te: x (x != trailers)
- :scheme: x (x != http, https)
- grpclb_client_stats: x (x == anything)
On top of sending one of ...
Grpc Grpc
7.5
CVSSv3
CVE-2021-36155
LengthPrefixedMessageReader in gRPC Swift 1.1.0 and previous versions allocates buffers of arbitrary length, which allows remote malicious users to cause uncontrolled resource consumption and deny service.
Linuxfoundation Grpc Swift 1.0.0
Linuxfoundation Grpc Swift 1.1.0
Linuxfoundation Grpc Swift 1.1.1