PT-2023-4873 · Google+3 · Grpc+3

Choeminji

Publicado

2023-06-09

Atualizado

2026-02-18

CVE-2023-32731

CVSS v3.1

7.4

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions gRPC (affected versions not specified)

Description The issue arises when the gRPC HTTP2 stack encounters a header size exceeded error, causing it to skip parsing the rest of the HPACK frame. This results in a desynchronization of HPACK tables between the sender and receiver. If exploited, this could lead to requests from a proxy being interpreted as containing headers from different proxy clients, resulting in an information leak that can be used for privilege escalation or data exfiltration.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-440

Identificadores relacionados

ALSA-2025_16880

ALT-PU-2025-4089

BDU:2023-05360

CVE-2023-32731

GHSA-CFGP-2977-2FMM

OPENSUSE-SU-2024:13621-1

OPENSUSE-SU-2024:13634-1

OPENSUSE-SU-2024_0573-1

RHSA-2024:10761

RHSA-2024_10761

SUSE-SU-2024:0573-1

Produtos afetados

Alt Linux

Red Hat

Suse

Grpc

PT-2023-4873 · Google+3 · Grpc+3

CVE-2023-32731

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 37