CVE-2025-54472
- EPSS 0.16%
- Published 14.08.2025 09:05:38
- Last modified 18.08.2025 18:35:46
Unlimited memory allocation in the Redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via the network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of cor...
CVE-2024-23452
- EPSS 0.24%
- Published 08.02.2024 09:15:46
- Last modified 04.06.2025 16:15:31
Request smuggling vulnerability in the HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows an attacker to smuggle requests. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenar...
CVE-2023-45757
- EPSS 3.82%
- Published 16.10.2023 09:15:11
- Last modified 21.11.2024 08:27:19
Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code to the builtin rpcz page. An attacker that can send an HTTP request to a bRPC server with rpcz enabled can inject arbitrary XSS code to the builtin rpcz pag...
CVE-2023-31039
- EPSS 0.32%
- Published 08.05.2023 09:15:09
- Last modified 21.11.2024 08:01:18
Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execut...