VYPR

Grpc

by Grpc

npm: grpc

CVEs (9)

  • CVE-2023-44487 | High | KEV | Oct 10, 2023
    risk 0.65 | cvss 7.5 | epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2017-9431 | Critical | Jun 5, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.

  • CVE-2017-8359 | Critical | Apr 30, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.

  • CVE-2017-7861 | Critical | Apr 14, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.

  • CVE-2017-7860 | Critical | Apr 14, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.

  • CVE-2026-33186 | Critical | Mar 20, 2026
    risk 0.52 | cvss 9.1 | epss 0.01

    gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path`…

  • CVE-2024-11407 | Nov 26, 2024
    risk 0.00 | cvss | epss 0.01

    There exists a denial of service through data corruption in gRPC-C++: gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before…

  • CVE-2024-7246 | Aug 6, 2024
    risk 0.00 | cvss | epss 0.00

    It's possible for a gRPC client communicating with an HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients' HTTP header keys, but not values. This…

  • CVE-2020-7768 | Nov 11, 2020
    risk 0.00 | cvss | epss 0.04

    The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.