Vulmon
grpc grpc vulnerabilities and exploits
7.5
CVSSv3
CVE-2023-4785
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on POSIX-compatible platforms (e.g. Linux) allows a malicious user to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and R...
Grpc Grpc
Grpc Grpc 1.56.0
9.8
CVSSv3
CVE-2017-7860
Google gRPC prior to 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.
Grpc Grpc
9.8
CVSSv3
CVE-2017-7861
Google gRPC prior to 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.
Grpc Grpc
7.5
CVSSv3
CVE-2023-33953
gRPC contains a vulnerability in which HPACK table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded...
Grpc Grpc
9.8
CVSSv3
CVE-2020-7768
The package grpc prior to 1.24.4; the package @grpc/grpc-js prior to 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.
Grpc Grpc
9.8
CVSSv3
CVE-2017-8359
Google gRPC prior to 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.
Grpc Grpc
9.8
CVSSv3
CVE-2017-9431
Google gRPC prior to 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.
Grpc Grpc
7.5
CVSSv3
CVE-2023-1428
There exists a vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers); :scheme: x (x != http, https); grpclb_client_stats: x (x == anything). On top of sending one of ...
Grpc Grpc
7.5
CVSSv3
CVE-2023-32731
When the gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy an...
Grpc Grpc
7.5
CVSSv3
CVE-2021-36154
HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and previous versions allows remote malicious users to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption.
Linuxfoundation Grpc Swift 1.0.0
Linuxfoundation Grpc Swift 1.1.0
Linuxfoundation Grpc Swift 1.1.1