CVE-2023-32731

CWE-4408 documents7 sources

Severity

7.5HIGH

EPSS

0.1%

top 77.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Grpc Grpc Google Grpc

Timeline

PublishedJun 9

Latest updateJul 5

Description

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 2.2 | Impact: 5.2

Affected Packages5 packages

▶RubyGemsgrpc1.53.0 — 1.53.1+1

▶PyPIgrpcio1.53.0 — 1.53.1+1

▶NVDgrpc/grpc1.53.0 — 1.55.0

▶Mavenio.grpc:grpc-protobuf1.53.0 — 1.53.1+1

▶CVEListV5google/grpc1.53 — 1.54

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Connection confusion in gRPC↗2023-07-05

▶

GHSA

Connection confusion in gRPC↗2023-07-05

▶

OSV

CVE-2023-32731: When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame↗2023-06-09

▶

CVEList

Information leak in gRPC↗2023-06-09

▶

📋Vendor Advisories

Microsoft

Information leak in gRPC↗2023-06-13

▶

Red Hat

gRPC: sensitive information disclosure↗2023-06-09

▶

Debian

CVE-2023-32731: grpc - When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing th...↗2023

▶