Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grpc grpc vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-4785
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an malicious user to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and R...
Grpc Grpc
Grpc Grpc 1.56.0
NA
CVE-2023-1428
There exists an vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of ...
Grpc Grpc
668
VMScore
CVE-2017-7860
Google gRPC prior to 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.
Grpc Grpc
668
VMScore
CVE-2017-8359
Google gRPC prior to 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.
Grpc Grpc
NA
CVE-2023-32731
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy an...
Grpc Grpc
668
VMScore
CVE-2017-7861
Google gRPC prior to 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.
Grpc Grpc
668
VMScore
CVE-2017-9431
Google gRPC prior to 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.
Grpc Grpc
445
VMScore
CVE-2020-7768
The package grpc prior to 1.24.4; the package @grpc/grpc-js prior to 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.
Grpc Grpc
NA
CVE-2023-33953
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded...
Grpc Grpc
445
VMScore
CVE-2021-36154
HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and previous versions allows remote malicious users to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption.
Linuxfoundation Grpc Swift 1.0.0
Linuxfoundation Grpc Swift 1.1.0
Linuxfoundation Grpc Swift 1.1.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »