rpm package
suse/grpc&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP4
pkg:rpm/suse/grpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-11407 | — | < 1.60.0-150400.8.8.1 | 1.60.0-150400.8.8.1 | Nov 26, 2024 | There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmi | ||
| CVE-2024-7246 | — | < 1.60.0-150400.8.8.1 | 1.60.0-150400.8.8.1 | Aug 6, 2024 | It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This oc | ||
| CVE-2023-44487 | Hig | 7.5 | KEV | < 1.60.0-150400.8.3.2 | 1.60.0-150400.8.3.2 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2023-4785 | — | < 1.60.0-150400.8.3.2 | 1.60.0-150400.8.3.2 | Sep 13, 2023 | Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are aff | ||
| CVE-2023-33953 | — | < 1.60.0-150400.8.3.2 | 1.60.0-150400.8.3.2 | Aug 9, 2023 | gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounde | ||
| CVE-2023-32731 | — | < 1.60.0-150400.8.3.2 | 1.60.0-150400.8.3.2 | Jun 9, 2023 | When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy an | ||
| CVE-2023-32732 | — | < 1.60.0-150400.8.3.2 | 1.60.0-150400.8.3.2 | Jun 9, 2023 | gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recom |
- CVE-2024-11407Nov 26, 2024affected < 1.60.0-150400.8.8.1fixed 1.60.0-150400.8.8.1
There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmi
- CVE-2024-7246Aug 6, 2024affected < 1.60.0-150400.8.8.1fixed 1.60.0-150400.8.8.1
It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This oc
- affected < 1.60.0-150400.8.3.2fixed 1.60.0-150400.8.3.2
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- CVE-2023-4785Sep 13, 2023affected < 1.60.0-150400.8.3.2fixed 1.60.0-150400.8.3.2
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are aff
- CVE-2023-33953Aug 9, 2023affected < 1.60.0-150400.8.3.2fixed 1.60.0-150400.8.3.2
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounde
- CVE-2023-32731Jun 9, 2023affected < 1.60.0-150400.8.3.2fixed 1.60.0-150400.8.3.2
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy an
- CVE-2023-32732Jun 9, 2023affected < 1.60.0-150400.8.3.2fixed 1.60.0-150400.8.3.2
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recom