CVE-2023-4785

Name of the Vulnerable Software and Affected Versions gRPC versions 1.23 and later

Description The issue is related to a lack of error handling in the TCP server in Google's gRPC, which allows an attacker to cause a denial of service by initiating a significant number of connections with the server. This affects gRPC C++, Python, and Ruby, but does not affect gRPC Java and Go. The issue is present on posix-compatible platforms, such as Linux.

Recommendations For gRPC versions 1.23 and later, consider implementing proper error handling mechanisms in the TCP server to prevent denial of service attacks. As a temporary workaround, consider restricting the number of connections allowed to the server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.