gRPC 1.52.0 for Go

CPE Details

gRPC 1.52.0 for Go
grpc
grpc
1.52.0
2023-10-18
13h52 +00:00
2023-10-18
13h52 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:grpc:grpc:1.52.0:-:*:*:*:go:*:*

Informations

Vendor

grpc

Product

grpc

Version

1.52.0

Update

-

Target Software

go

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-44487 2023-10-10 00h00 +00:00 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
High
CVE-2023-32732 2023-06-09 10h48 +00:00 gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in  https://github.com/grpc/grpc/pull/32309 https://www.google.com/url
5.3
Medium
CVE-2023-1428 2023-06-09 10h46 +00:00 There exists an vulnerability causing an abort() to be called in gRPC.  The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.
7.5
High