CVE-2023-1428

CVSS V2 None CVSS V3 None

Description

There exists an vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.

Overview

CVE ID
CVE-2023-1428

Assigner
Google

Vulnerability Status
PUBLISHED

Published Version
2023-06-09T10:46:54.244Z

Last Modified Date
2023-06-09T10:46:54.244Z

Weakness Enumerations

CWE	URL
CWE-617	http://cwe.mitre.org/data/definitions/617.html

References

Reference URL	Reference Tags
https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-1428
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1428

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 08:39:37				Added to TrackCVE