Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an malicious user to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
grpc grpc |
||
grpc grpc 1.56.0 |