CVE-2023-32732

CVSS V2 None CVSS V3 None

Description

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url

Overview

CVE ID
CVE-2023-32732

Assigner
Google

Vulnerability Status
PUBLISHED

Published Version
2023-06-09T10:48:15.075Z

Last Modified Date
2023-06-09T10:48:15.075Z

Weakness Enumerations

CWE	URL
CWE-440	http://cwe.mitre.org/data/definitions/440.html

References

Reference URL	Reference Tags
https://github.com/grpc/grpc/pull/32309
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-32732
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32732

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 11:35:08				Added to TrackCVE