VYPR

rpm package

suse/grpc&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP5

pkg:rpm/suse/grpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5

Vulnerabilities (7)

  • CVE-2024-11407Nov 26, 2024
    affected < 1.60.0-150500.11.8.1fixed 1.60.0-150500.11.8.1

    There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmi

  • CVE-2024-7246Aug 6, 2024
    affected < 1.60.0-150500.11.8.1fixed 1.60.0-150500.11.8.1

    It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This oc

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 1.60.0-150400.8.3.2fixed 1.60.0-150400.8.3.2

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2023-4785Sep 13, 2023
    affected < 1.60.0-150400.8.3.2fixed 1.60.0-150400.8.3.2

    Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are aff

  • CVE-2023-33953Aug 9, 2023
    affected < 1.60.0-150400.8.3.2fixed 1.60.0-150400.8.3.2

    gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounde

  • CVE-2023-32731Jun 9, 2023
    affected < 1.60.0-150400.8.3.2fixed 1.60.0-150400.8.3.2

    When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy an

  • CVE-2023-32732Jun 9, 2023
    affected < 1.60.0-150400.8.3.2fixed 1.60.0-150400.8.3.2

    gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recom