rpm package
suse/abseil-cpp&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4
pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-44487 | Hig | 7.5 | KEV | < 20230802.1-150400.10.4.1 | 20230802.1-150400.10.4.1 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2023-4785 | — | < 20230802.1-150400.10.4.1 | 20230802.1-150400.10.4.1 | Sep 13, 2023 | Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are aff | ||
| CVE-2023-33953 | — | < 20230802.1-150400.10.4.1 | 20230802.1-150400.10.4.1 | Aug 9, 2023 | gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounde | ||
| CVE-2023-32731 | — | < 20230802.1-150400.10.4.1 | 20230802.1-150400.10.4.1 | Jun 9, 2023 | When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy an | ||
| CVE-2023-32732 | — | < 20230802.1-150400.10.4.1 | 20230802.1-150400.10.4.1 | Jun 9, 2023 | gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recom |
- affected < 20230802.1-150400.10.4.1fixed 20230802.1-150400.10.4.1
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- CVE-2023-4785Sep 13, 2023affected < 20230802.1-150400.10.4.1fixed 20230802.1-150400.10.4.1
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are aff
- CVE-2023-33953Aug 9, 2023affected < 20230802.1-150400.10.4.1fixed 20230802.1-150400.10.4.1
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounde
- CVE-2023-32731Jun 9, 2023affected < 20230802.1-150400.10.4.1fixed 20230802.1-150400.10.4.1
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy an
- CVE-2023-32732Jun 9, 2023affected < 20230802.1-150400.10.4.1fixed 20230802.1-150400.10.4.1
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recom