CVE-2023-4785

Published: 13/09/2023 Updated: 19/09/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Lack of error handling in the TCP server in Google's gRPC, starting with version 1.23, on POSIX-compatible platforms (e.g., Linux) allows a malicious user to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.

Vulnerable Product

grpc grpc

grpc grpc 1.56.0

Vendor Advisories

Debian Bug report logs - #1056282 gpac: CVE-2023-47384 CVE-2023-48011 CVE-2023-48013 CVE-2023-48014 CVE-2023-5998 CVE-2023-46001 Package: src:gpac; Maintainer for src:gpac is Debian QA Group <packages@qa.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org> Date: Sun, 19 Nov 2023 19:57:04 UTC Severity: grave ...
Debian Bug report logs - #1059281 grpc: CVE-2023-4785 Package: src:grpc; Maintainer for src:grpc is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org> Date: Fri, 22 Dec 2023 12:15:02 UTC Severity: important Tags: security, upstream ...
Description: A flaw was found in gRPC. Lack of error handling in the TCP server in Google's gRPC, starting in version 1.23 on POSIX-compatible platforms (for example, Linux), allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but ...