CVE-2023-32732

CWE-4408 documents7 sources

Severity

5.3MEDIUM

EPSS

0.0%

top 93.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Grpc Grpc Grpc Fedoraproject Fedora

Timeline

PublishedJun 9

Latest updateJul 6

Description

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶CVEListV5google/grpc1.53 — 1.54

▶RubyGemsgrpc1.53.0 — 1.53.1+1

▶PyPIgrpcio1.53.0 — 1.53.1+1

▶NVDgrpc/grpc< 1.53.0

▶Mavenio.grpc:grpc-protobuf1.53.0 — 1.53.1+1

Also affects: Fedora 37, 38

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

gRPC connection termination issue↗2023-07-06

▶

GHSA

gRPC connection termination issue↗2023-07-06

▶

OSV

CVE-2023-32732: gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error↗2023-06-09

▶

CVEList

Denial-of-Service in gRPC↗2023-06-09

▶

📋Vendor Advisories

Microsoft

Denial-of-Service in gRPC↗2023-06-13

▶

Red Hat

gRPC: denial of service↗2023-06-09

▶

Debian

CVE-2023-32732: grpc - gRPC contains a vulnerability whereby a client can cause a termination of connec...↗2023

▶