Davidspek

**Name of the Vulnerable Software and Affected Versions** gRPC (affected versions not specified) **Description** The issue arises when the gRPC HTTP2 stack encounters a header size exceeded error, causing it to skip parsing the rest of the HPACK frame. This results in a desynchronization of HPACK tables between the sender and receiver. If exploited, this could lead to requests from a proxy being interpreted as containing headers from different proxy clients, resulting in an information leak that can be used for privilege escalation or data exfiltration. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.