High severityNVD Advisory· Published Sep 13, 2023· Updated Jan 12, 2026
Denial of Service in gRPC Core
CVE-2023-4785
Description
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
grpcRubyGems | >= 1.56.0, < 1.56.2 | 1.56.2 |
grpcRubyGems | >= 1.55.0, < 1.55.3 | 1.55.3 |
grpcRubyGems | >= 1.54.0, < 1.54.3 | 1.54.3 |
grpcRubyGems | >= 1.53.0, < 1.53.2 | 1.53.2 |
grpcioPyPI | >= 1.55.0, < 1.55.3 | 1.55.3 |
grpcioPyPI | >= 1.54.0, < 1.54.3 | 1.54.3 |
grpcioPyPI | >= 1.53.0, < 1.53.2 | 1.53.2 |
Affected products
68- osv-coords67 versionspkg:apk/chainguard/kube-fluentd-operatorpkg:apk/chainguard/kube-fluentd-operator-compatpkg:apk/chainguard/kube-fluentd-operator-default-configpkg:apk/chainguard/kube-fluentd-operator-oci-entrypointpkg:apk/wolfi/kube-fluentd-operatorpkg:apk/wolfi/kube-fluentd-operator-compatpkg:apk/wolfi/kube-fluentd-operator-default-configpkg:apk/wolfi/kube-fluentd-operator-oci-entrypointpkg:gem/grpcpkg:pypi/grpciopkg:rpm/opensuse/abseil-cpp&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/abseil-cpp&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/abseil-cpp&distro=openSUSE%20Leap%20Micro%205.4pkg:rpm/opensuse/grpc&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/opencensus-proto&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/protobuf&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/protobuf&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/protobuf&distro=openSUSE%20Leap%20Micro%205.4pkg:rpm/opensuse/python-abseil&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/python-grpcio&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/re2&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP4pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP5pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5pkg:rpm/suse/abseil-cpp&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/grpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/grpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/grpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/grpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/grpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/grpc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/grpc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/grpc&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP4pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP5pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP5pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/protobuf&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/python-abseil&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP5pkg:rpm/suse/python-grpcio&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP5pkg:rpm/suse/re2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/re2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/re2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/re2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/re2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/re2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/re2&distro=SUSE%20Manager%20Proxy%204.3
< 1.18.2-r1+ 66 more
- (no CPE)range: < 1.18.2-r1
- (no CPE)range: < 1.18.2-r1
- (no CPE)range: < 1.18.2-r1
- (no CPE)range: < 1.18.2-r1
- (no CPE)range: < 1.18.2-r1
- (no CPE)range: < 1.18.2-r1
- (no CPE)range: < 1.18.2-r1
- (no CPE)range: < 1.18.2-r1
- (no CPE)range: >= 1.56.0, < 1.56.2
- (no CPE)range: >= 1.55.0, < 1.55.3
- (no CPE)range: < 20230802.1-150400.10.4.1
- (no CPE)range: < 20230802.1-150400.10.4.1
- (no CPE)range: < 20230802.1-150400.10.4.1
- (no CPE)range: < 1.60.0-150400.8.3.2
- (no CPE)range: < 0.3.0+git.20200721-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 1.4.0-150400.9.3.1
- (no CPE)range: < 1.60.0-150400.9.3.2
- (no CPE)range: < 20240201-150400.9.3.1
- (no CPE)range: < 20230802.1-150400.10.4.1
- (no CPE)range: < 20230802.1-150400.10.4.1
- (no CPE)range: < 20230802.1-150400.10.4.1
- (no CPE)range: < 20230802.1-150400.10.4.1
- (no CPE)range: < 20230802.1-150400.10.4.1
- (no CPE)range: < 20230802.1-150400.10.4.1
- (no CPE)range: < 20230802.1-150400.10.4.1
- (no CPE)range: < 20230802.1-150400.10.4.1
- (no CPE)range: < 20230802.1-150400.10.4.1
- (no CPE)range: < 20230802.1-150400.10.4.1
- (no CPE)range: < 20230802.1-150400.10.4.1
- (no CPE)range: < 20230802.1-150400.10.4.1
- (no CPE)range: < 20230802.1-150400.10.4.1
- (no CPE)range: < 1.60.0-150400.8.3.2
- (no CPE)range: < 1.60.0-150400.8.3.2
- (no CPE)range: < 1.60.0-150400.8.3.2
- (no CPE)range: < 1.60.0-150400.8.3.2
- (no CPE)range: < 1.60.0-150400.8.3.2
- (no CPE)range: < 1.60.0-150400.8.3.2
- (no CPE)range: < 1.60.0-150400.8.3.2
- (no CPE)range: < 1.60.0-150400.8.3.2
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 25.1-150400.9.3.1
- (no CPE)range: < 1.4.0-150400.9.3.1
- (no CPE)range: < 1.60.0-150400.9.3.2
- (no CPE)range: < 20240201-150400.9.3.1
- (no CPE)range: < 20240201-150400.9.3.1
- (no CPE)range: < 20240201-150400.9.3.1
- (no CPE)range: < 20240201-150400.9.3.1
- (no CPE)range: < 20240201-150400.9.3.1
- (no CPE)range: < 20240201-150400.9.3.1
- (no CPE)range: < 20240201-150400.9.3.1
- Google/gRPCv5Range: 1.56.0
Patches
Vulnerability mechanics
References
13- github.com/advisories/GHSA-p25m-jpj4-qcrrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-4785ghsaADVISORY
- github.com/grpc/grpc/pull/33656ghsaWEB
- github.com/grpc/grpc/pull/33667ghsaWEB
- github.com/grpc/grpc/pull/33669ghsaWEB
- github.com/grpc/grpc/pull/33670ghsaWEB
- github.com/grpc/grpc/pull/33672ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-4785.ymlghsaWEB
- groups.google.com/g/grpc-io/c/LlLkB1CeE4UghsaWEB
- rubygems.org/gems/grpc/versions/1.53.2ghsaWEB
- rubygems.org/gems/grpc/versions/1.54.3ghsaWEB
- rubygems.org/gems/grpc/versions/1.55.3ghsaWEB
- rubygems.org/gems/grpc/versions/1.56.2ghsaWEB
News mentions
0No linked articles in our index yet.