rpm package
suse/python-grpcio&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP4
pkg:rpm/suse/python-grpcio&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-11407 | — | < 1.60.1-150400.9.10.1 | 1.60.1-150400.9.10.1 | Nov 26, 2024 | There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmi | ||
| CVE-2024-7246 | — | < 1.60.1-150400.9.10.1 | 1.60.1-150400.9.10.1 | Aug 6, 2024 | It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This oc | ||
| CVE-2023-30608 | — | < 1.60.1-150400.9.7.2 | 1.60.1-150400.9.7.2 | Apr 18, 2023 | sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of |
- CVE-2024-11407Nov 26, 2024affected < 1.60.1-150400.9.10.1fixed 1.60.1-150400.9.10.1
There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmi
- CVE-2024-7246Aug 6, 2024affected < 1.60.1-150400.9.10.1fixed 1.60.1-150400.9.10.1
It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This oc
- CVE-2023-30608Apr 18, 2023affected < 1.60.1-150400.9.7.2fixed 1.60.1-150400.9.7.2
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of