Published: 09/06/2023 Updated: 15/06/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in github.com/grpc/grpc/pull/33005 github.com/grpc/grpc/pull/33005

Vulnerable Product	Search on Vulmon	Subscribe to Product
grpc grpc

DescriptionThe MITRE CVE dictionary describes this issue as: When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver If leveraged, say, between a proxy and a backe ...

NVD-CWE-Other https://github.com/grpc/grpc/pull/32309 https://github.com/grpc/grpc/pull/33005 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2023-32731

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-32731

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect