5.3

CVE-2023-32732

EPSS 0.02%
Veröffentlicht 09.06.2023 11:15:09
Zuletzt bearbeitet 13.02.2025 17:16:32
Quelle cve-coordination@google.com
Teams Watchlist Login
Unerledigt Login

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in  https://github.com/grpc/grpc/pull/32309 https://www.google.com/url

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Grpc ≫ Grpc Version < 1.53.0

Fedoraproject ≫ Fedora Version37

Fedoraproject ≫ Fedora Version38

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.045

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
cve-coordination@google.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-440 Expected Behavior Violation

A feature, API, or function does not perform according to its specification.

https://github.com/grpc/grpc/pull/32309

Patch

Issue Tracking

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL/

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2023-32732

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-32732

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-32732

EUVD