Lucene search
PRIOn knowledge basePRION:CVE-2023-32731HistoryJun 09, 2023 - 11:15 a.m.
Design/Logic Flaw
2023-06-0911:15:00
PRIOn knowledge base
www.prio-n.com
8
design/logic flaw
grpc
http2
hpack
table desynchronization
information leak
privilege escalation
data exfiltration
grpc upgrade
nvd
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained inย https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005
Related
nvd
nvd
CVE-2023-32731
2023-06-09 11:15:09
osv
osv
CVE-2023-32731
2023-06-09 11:15:09
Connection confusion in gRPC
2023-07-05 19:12:51
ibm
ibm
Security Bulletin: gRPC component is vulnerable to CVE-2023-32731 is used by IBM Maximo Application Suite
2023-08-29 21:17:39
ubuntucve
ubuntucve
CVE-2023-32731
2023-06-09 00:00:00
alpinelinux
alpinelinux
CVE-2023-32731
2023-06-09 11:15:00
redhatcve
redhatcve
CVE-2023-32731
2023-06-13 06:05:34
cvelist
cvelist
CVE-2023-32731 Information leak in gRPC
2023-06-09 10:54:08
wolfi
wolfi
CVE-2023-32731 vulnerabilities
2024-07-03 16:16:08
veracode
veracode
Connection Confusion
2023-07-07 03:56:21
cgr
cgr
CVE-2023-32731 vulnerabilities
2024-05-19 03:07:16
github
github
Connection confusion in gRPC
2023-07-05 19:12:51
debiancve
debiancve
CVE-2023-32731
2023-06-09 11:15:09
cve
cve
CVE-2023-32731
2023-06-09 11:15:09
nessus
nessus
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0573-1)
2024-02-22 00:00:00
openSUSE: Security Advisory for abseil (SUSE-SU-2024:0573-1)
2024-03-04 00:00:00