Grpc · Grpc · CVE-2023-1428
**Name of the Vulnerable Software and Affected Versions**
gRPC versions prior to v1.53
**Description**
The issue lies in the gRPC C++ implementation: certain headers, when received over HTTP/2, cause abort() to be called and the process to crash. The affected headers are `te: x` (where `x` is anything other than `trailers`), `:scheme: x` (where `x` is anything other than `http` or `https`), and `grpclb client stats: x` (where `x` can be any value). One of these headers alone is not enough; the abort is triggered only when a later header in the same request then pushes the total header size past 8KB.
**Recommendations**
To resolve the issue, upgrade to gRPC v1.53 or later. Until the upgrade can be deployed, a temporary workaround is to restrict the use of the affected headers (`te`, `:scheme`, and `grpclb client stats`) at the exposed API endpoints, and to avoid header combinations that could take the total header size past the 8KB limit.
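The following is an added illustration of the workaround described above as an edge-side check (for example in a reverse proxy or request filter placed in front of an unpatched gRPC C++ server); it is not code from the gRPC project or from the advisory. It encodes only what the page states: the three header names and their accepted values, the 8KB threshold, and the ordering condition (a rejected header followed by a later header that pushes the block over the limit). The size accounting (raw name and value lengths, ignoring HPACK compression) is an assumption chosen to be conservative, the `grpclb client stats` header name is written exactly as the page gives it, and the sample requests are constructed for demonstration.

```python
"""Edge-side HTTP/2 header validation for the CVE-2023-1428 trigger pattern.

Added example, not gRPC project code. The header names, accepted values and
8KB threshold come from the advisory text; everything else is an assumption.
"""

from dataclasses import dataclass, field

# The advisory's figure: a rejected header followed by enough header bytes to
# push the cumulative header size past 8KB is what triggers the abort().
HEADER_SIZE_LIMIT = 8 * 1024

# Values the advisory says gRPC accepts for the two value-sensitive headers.
ALLOWED_TE = {"trailers"}
ALLOWED_SCHEME = {"http", "https"}
# Rejected for every value; spelled as on the page (assumed to be the
# grpclb client-stats header).
GRPCLB_STATS_HEADER = "grpclb client stats"


@dataclass
class Verdict:
    accept: bool
    bad_headers: list = field(default_factory=list)
    total_bytes: int = 0
    trigger_pattern: bool = False  # rejected header, then block crossed 8KB
    reason: str = ""


def header_bytes(name: str, value: str) -> int:
    # Assumption: count raw name + value bytes and ignore HPACK compression,
    # so this check trips no later than the server's own accounting would.
    return len(name.encode()) + len(value.encode())


def is_rejected_header(name: str, value: str) -> bool:
    """True for the header/value combinations the advisory names."""
    n = name.lower()
    if n == "te":
        return value not in ALLOWED_TE
    if n == ":scheme":
        return value not in ALLOWED_SCHEME
    if n == GRPCLB_STATS_HEADER:
        return True
    return False


def check_headers(headers):
    """headers: ordered list of (name, value) pairs as received on the stream."""
    v = Verdict(accept=True)
    seen_bad = False
    for name, value in headers:
        bad_before_this = seen_bad
        v.total_bytes += header_bytes(name, value)
        if is_rejected_header(name, value):
            v.bad_headers.append(name.lower())
            seen_bad = True
        # Exactly the sequence the advisory describes: a rejected header
        # earlier in the block, and this later header pushes it past 8KB.
        if bad_before_this and v.total_bytes > HEADER_SIZE_LIMIT:
            v.trigger_pattern = True
    if v.bad_headers:
        # Fail closed: a well-formed gRPC client never sends these values.
        v.accept = False
        v.reason = "rejected header(s): " + ", ".join(v.bad_headers)
    elif v.total_bytes > HEADER_SIZE_LIMIT:
        # Independent cap on header size, regardless of which headers appear.
        v.accept = False
        v.reason = f"header block {v.total_bytes} bytes exceeds {HEADER_SIZE_LIMIT}"
    return v


# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = {
    "well_formed": [(":method", "POST"), (":scheme", "https"),
                    (":path", "/svc/Method"), ("te", "trailers"),
                    ("content-type", "application/grpc")],
    "rejected_then_oversize": [(":method", "POST"), (":scheme", "https"),
                               ("te", "x"), ("x-pad", "A" * 9000)],
    "rejected_only": [(":method", "POST"), (":scheme", "ftp"),
                      ("te", "trailers")],
    "oversize_only": [(":method", "POST"), (":scheme", "https"),
                      ("te", "trailers"), ("x-pad", "B" * 9000)],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLE_REQUESTS.items():
        v = check_headers(hdrs)
        print(f"{label:24s} accept={v.accept} trigger_pattern={v.trigger_pattern} "
              f"bytes={v.total_bytes} {v.reason}")
```

The `trigger_pattern` flag is kept separate from the accept/reject decision so the same check can feed detection: a request that is rejected for a bad `te` value alone is ordinary noise, while one that also carries enough trailing header bytes to cross 8KB is the specific shape this advisory describes and is worth alerting on.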