CVE-2023-32732
published 2023-06-09CVE-2023-32732: gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for…
medium5.3CVSS 3.1
AVNACLPRNUINSUCNINAL
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | grpc | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| grpc | >= 1.53 < 1.54 | 1.54 | |
| grpc | grpc | < 1.53.0 | 1.53.0 |
| grpc | grpc | >= 1.53.0 < 1.53.1 | 1.53.1 |
| grpc | grpc | >= 1.54.0 < 1.54.2 | 1.54.2 |
| msrc | azl3_grpc_1.42.0-7_on_azure_linux_3.0 | — | — |
| msrc | azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0 | — | — |
| msrc | azl3_tensorflow_2.16.1-9_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_python-tensorboard_2.11.0-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_tensorflow_2.11.1-2_on_cbl_mariner_2.0 | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
osv5.3MEDIUM