CVE-2024-7246: Expected Behavior Violation in Grpc

Severity: 6.3 MEDIUM (NVD)
EPSS: 0.0% (top 88.80%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Aug 6; Latest update Aug 13

Description

It's possible for a gRPC client communicating with an HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients' HTTP header keys, but not their values. This occurs because the error status for a misencoded header is not cleared between header reads, so subsequent (incrementally indexed) headers added during the first request are poisoned until they are evicted from the HPACK table.
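The failure mode described above, as an added example that is not gRPC's code: a deliberately simplified HPACK-style decoder with a per-header error status and a small dynamic table. The table capacity, the header-name validation rule and the header sequence are all constructed for illustration; the buggy variant keeps the error status across header reads within one request, the fixed variant resets it for every header.

```python
from dataclasses import dataclass, field
from typing import List, Optional

TABLE_CAPACITY = 3  # constructed: a tiny dynamic table so eviction is visible


@dataclass
class Entry:
    key: str
    value: str
    poisoned: bool  # added while an error status was still pending


@dataclass
class Decoder:
    clear_error_per_header: bool  # True: fixed behaviour; False: CVE-2024-7246 behaviour
    table: List[Entry] = field(default_factory=list)
    error: Optional[str] = None

    def _validate(self, key: str) -> None:
        # Constructed stand-in for header validation: lowercase ASCII, no spaces.
        if key != key.lower() or " " in key:
            self.error = f"misencoded header name {key!r}"

    def read_header(self, key: str, value: str, index: bool) -> bool:
        if self.clear_error_per_header:
            self.error = None  # the fix: error status is per header, not per request
        self._validate(key)
        if index:  # incremental indexing appends to the shared dynamic table
            self.table.append(Entry(key, value, poisoned=self.error is not None))
            if len(self.table) > TABLE_CAPACITY:
                self.table.pop(0)  # FIFO eviction, as in HPACK
        return self.error is None

    def end_header_block(self) -> None:
        self.error = None  # both variants reset at the end of a request's headers


def poisoned_keys(dec: Decoder) -> List[str]:
    return [e.key for e in dec.table if e.poisoned]


def run(clear_per_header: bool) -> List[List[str]]:
    """Poisoned table keys after the malformed request, then after later traffic evicts them."""
    dec = Decoder(clear_error_per_header=clear_per_header)
    # Constructed request 1 on the proxy-to-backend connection: one malformed,
    # non-indexed name followed by well-formed incrementally indexed headers.
    dec.read_header("Bad Name", "x", index=False)
    dec.read_header("x-tenant", "a", index=True)
    dec.read_header("x-request-id", "1", index=True)
    dec.end_header_block()
    snapshot = poisoned_keys(dec)  # entries other clients' requests now resolve to
    for i in range(TABLE_CAPACITY):  # request 2 from another client evicts them
        dec.read_header(f"x-later-{i}", "v", index=True)
    return [snapshot, poisoned_keys(dec)]
```

In the buggy mode `run(False)` reports both well-formed headers of the first request as poisoned until eviction; in the fixed mode nothing is poisoned.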

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

Affected Packages (2 packages)

NVD: grpc/grpc 1.59.0, 1.59.5 (+7)
CVEList V5: google/grpc, 42 versions (+41)

Patches

Vulnerability Details (3)

OSV: CVE-2024-7246: It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients ... (2024-08-06)
GHSA: GHSA-ghwg-gpp4-w4x3: It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients ... (2024-08-06)
CVEList: HPACK table poisoning in gRPC C++, Python & Ruby (2024-08-06)

Vendor Advisories (3)

Microsoft: HPACK table poisoning in gRPC C++, Python & Ruby (2024-08-13)
Red Hat: grpc: client communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend (2024-08-06)
Debian: CVE-2024-7246: grpc - It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the ... (2024)
CVE-2024-7246 — Expected Behavior Violation in Grpc | cvebase