gRPC 1.54.1 for Go

CPE Details

gRPC 1.54.1 for Go
grpc
grpc
1.54.1
2023-10-18
13h52 +00:00
2023-10-18
13h52 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:grpc:grpc:1.54.1:*:*:*:*:go:*:*

Informations

Vendor

grpc

Product

grpc

Version

1.54.1

Target Software

go

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-44487 2023-10-10 00h00 +00:00 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
High
CVE-2023-32731 2023-06-09 10h54 +00:00 When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in  https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005
7.5
High