VYPR
High severityNVD Advisory· Published Sep 13, 2023· Updated Jan 12, 2026

Denial of Service in gRPC Core

CVE-2023-4785

Description

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
grpcRubyGems
>= 1.56.0, < 1.56.21.56.2
grpcRubyGems
>= 1.55.0, < 1.55.31.55.3
grpcRubyGems
>= 1.54.0, < 1.54.31.54.3
grpcRubyGems
>= 1.53.0, < 1.53.21.53.2
grpcioPyPI
>= 1.55.0, < 1.55.31.55.3
grpcioPyPI
>= 1.54.0, < 1.54.31.54.3
grpcioPyPI
>= 1.53.0, < 1.53.21.53.2

Affected products

68

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.